[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: GnuPG side-channel attack on RSA secret keys
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-07-26 19:01:13
Message-ID: 51F2C779.1040002 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/25/2013 05:38 AM, Thijs Kinkhorst wrote:
> Hi list,
>
> I'd like to request a CVE name for the side channel attack
> described in attached release announcements of GnuPG and Libgrypt.
>
>
> Thanks, Thijs
Quick note: even though the code has been split out (e.g. gpg,
gpg+libgcrypt) I'm treating it as a single code base for the purposes
of CVE assignment.
Please use CVE-2013-4242 for this issue.
Also Werner if you want to get CVE's in advance of announcements for
security issues I would be happy to pre-assign them to you. Email me
for details or check out:
https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
This of course goes for any other projects that want to get CVEs in
advance.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQIcBAEBAgAGBQJR8sd5AAoJEBYNRVNeJnmTMbkP/1+d5l1sdXKhYu3Ta1dtBdTl
JRf6qg9zbBghrEczxH8WTMuLyshwGuzPL2UH8eWQJoRQP7hzOi54hsHKXHnUtLUl
FrFqiaaf8v0lHzyPbgJFLS81onRanMFWh6osiDk/qOx4yG8fUs4P2CKCdUBhkXMZ
SRMr8T4qilNx+jyr9pEusBLIznjgTE+TiJUUYhzSq+hkGZ2MKhXF43JAvWWFmKFR
L0iFpruY54S53aNVHSG5a1Uk0x5dxzi3XE48GvmUW3VB/jJsJVYgBD2D67D6c+m9
wnrnDfExx4GVM9faaoMvxso1ahWHecuphqeho+/y3/QftlRelHHnzQmO15rdezaE
kCD9+duoxvzkRja7EfTQ4l3BUc1D9eRpOA1iv6ntlZBjpgAGeoJSipI+wpUZ9PjG
QqJf2IPc21i1N2Me/kdovA+1rRfVHIOBLDGZ6Ms4sqUMaWAXgr3wZ0HQGD6B91ws
srildeaW0Y5Ivx8YJwudhIhIbBJYd1lqUyDM+yrsH83Gt5u0FkJrAC9wLpEJgGj7
pH4YhR8tFZCgHAhIaJmBn4aLJ/H2Yq33UfUf+bmgZEQZEUQQrhpFFi8saSVuc0+O
vv+LuCowAD65vRyg49mDTHXVtGg6/mxl5kAtTU24jxw84PCvLFBtRkYozUmjzA+E
2NlSd00a+dnzICBygJMV
=w6xH
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic