Hello,

You are receiving this email because you are (or were) listed as a package maintainer for Crypto++. Emails are also being sent to the well known security@ address from RFC 2142. Please accept apologies if you receive this email multiple times.

Crypto++ committed the patch for CVE-2015-2141 today. For SVN, the commit of interest is r542. You can find it at https://sourceforge.net/p/cryptopp/code/542/. For GitHub, the commit of interest is 9425e16437439e68c7d96abef922167d68fafaff. You can find it at https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff.

***** CVE-2015-2141 Details *****

Evgeny Sidorov discovered he could recover the private key when using Rabin-Williams signatures due to a bad interaction with the blinding value used to mask private key operations. The bad interaction had to do with the random value not meeting certain Jacobi requirements. The full writeup can be found at https://eprint.iacr.org/2015/368.

Jean-Pierre Münch suggested a simple fix to avoid the bad interaction: square the random value. Squaring the random value meant the value satisfied the Jacobi requirements, and it avoids trial-and-error on producing the random value in a loop. Avoiding trial-and-error saved about 6-8 iterations of the loop, and about 12 Jacobi tests on average.

***** Obtain the latest sources *****

To check out from SVN, issue:

    svn checkout https://svn.code.sf.net/p/cryptopp/code/trunk/c5 cryptopp

To clone from Wei Dai's GitHub, issue:

    git clone https://github.com/weidai11/cryptopp.git cryptopp

The ZIP files from the website do *not* include the latest revisions. You should not build a package based upon them.

***** DataDir patch *****

As a maintainer, you may be interested in the DataDir patch. The patch ensures the self tests and benchmarks run after the library is installed. For the patch and a script to help integrate it, see http://www.cryptopp.com/wiki/DataDir.

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
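
The squaring fix described in the message above, as an added example that is not part of the original email and is not Crypto++'s code: it compares drawing a blinding value by trial and error against drawing once and squaring. Assumptions: the "Jacobi requirements" are modelled as Jacobi symbol +1 modulo both p and q, the primes are constructed toy values, and all function names are hypothetical.

```python
import random

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns -1, 0 or 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:              # pull out factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                    # quadratic reciprocity step
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

# Constructed toy primes (p = 3 mod 8, q = 7 mod 8); real keys are far larger.
P, Q = 1019, 1031
N = P * Q

def meets_requirement(r):
    """Assumed requirement: r is a nonzero square modulo both p and q."""
    return jacobi(r, P) == 1 and jacobi(r, Q) == 1

def blind_by_search(rng):
    """Trial and error: redraw until the check passes. Returns (r, draws)."""
    draws = 0
    while True:
        r = rng.randrange(2, N)
        draws += 1
        if meets_requirement(r):
            return r, draws

def blind_by_squaring(rng):
    """One draw, then square mod n; the result always passes the check."""
    r = rng.randrange(2, N)
    while r % P == 0 or r % Q == 0:    # skip the rare non-invertible draw
        r = rng.randrange(2, N)
    return r * r % N

def compare(trials=2000, seed=1):
    """Average draws for the search, and how many squared values pass."""
    rng = random.Random(seed)          # seeded, non-cryptographic: demo only
    avg = sum(blind_by_search(rng)[1] for _ in range(trials)) / trials
    passed = sum(meets_requirement(blind_by_squaring(rng)) for _ in range(trials))
    return avg, passed

if __name__ == "__main__":
    print(compare())
```

Under this simplified model the search needs about four draws on average; the 6-8 iterations quoted in the message refer to Crypto++'s actual requirements, which this sketch does not reproduce.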