On 2018-04-16 20:51:26 [+0200], Salvatore Bonaccorso wrote:
> Severity: important
> CVE-2018-0737[0]:
> | The OpenSSL RSA Key generation algorithm has been shown to be
> | vulnerable to a cache timing side channel attack. An attacker with
> | sufficient access to mount cache timing attacks during the RSA key
> | generation process could recover the private key. Fixed in OpenSSL
> | 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
> | (Affected 1.0.2b-1.0.2o).
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

do you want me to go ahead and prepare an upload? Upstream said that
they won't prepare a new release because it is classified with severity
low (yet it is filled here as important).
> Regards,
> Salvatore


Reply via email to