> an unprivileged attacker could potentially utilize flush+reload cache > side-channel attack to measure the execution time of said subroutine to infer > user input.
Isn't it why my passwords show up as ●●●●●●●●● in sensible applications? The random fuss should also be added there in those application. I really do not see why we should be concerned. _______________________________________________ Freetype-devel mailing list Freetype-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/freetype-devel