Hi, I'm working on CVE-2018-16868/CVE-2018-16869, a side-channel attack that affects gnutls and nettle, disclosed 2018-12, tagged low/local.
Unlike what I read in data/CVE/list, I understand that the nettle fix is not just a new function - it's a rewrite of the RSA functions, complemented by a new 'rsa_sec_decrypt' function:
https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
Consequently the diff is large, and based on a new major version (conflicts, missing files).

I note that the patch was written by RedHat (Simo Sorce), and that gnutls is also maintained by a RedHat employee (Nikos Mavrogiannopoulos). Despite this, RHEL (all releases) issued a "Will not fix" for both:
https://access.redhat.com/security/cve/cve-2018-16869
https://access.redhat.com/security/cve/cve-2018-16868

It's not in EPEL either after 3 months:
https://bugzilla.redhat.com/show_bug.cgi?id=1654930
https://bugzilla.redhat.com/show_bug.cgi?id=1654929
https://apps.fedoraproject.org/packages/nettle
https://apps.fedoraproject.org/packages/gnutls

I see this as a strong signal that we should not attempt to backport the fix, and go with a <no-dsa> (minor).

Alternatively we could upgrade nettle (libnettle4->libnettle6), which doesn't break gnutls28's test suite, though it's likely to introduce other issues (e.g. #789119).

Thoughts?

Cheers!
Sylvain