'Re: [oss-security] CVE request: GnuPG side-channel attack on RSA secret keys'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: GnuPG side-channel attack on RSA secret keys
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-07-26 19:01:13
Message-ID: 51F2C779.1040002 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2013 05:38 AM, Thijs Kinkhorst wrote:
> Hi list,
> 
> I'd like to request a CVE name for the side channel attack
> described in attached release announcements of GnuPG and Libgrypt.
> 
> 
> Thanks, Thijs

Quick note: even though the code has been split out (e.g. gpg,
gpg+libgcrypt) I'm treating it as a single code base for the purposes
of CVE assignment.

Please use CVE-2013-4242  for this issue.

Also Werner if you want to get CVE's in advance of announcements for
security issues I would be happy to pre-assign them to you. Email me
for details or check out:

https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

This of course goes for any other projects that want to get CVEs in
advance.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR8sd5AAoJEBYNRVNeJnmTMbkP/1+d5l1sdXKhYu3Ta1dtBdTl
JRf6qg9zbBghrEczxH8WTMuLyshwGuzPL2UH8eWQJoRQP7hzOi54hsHKXHnUtLUl
FrFqiaaf8v0lHzyPbgJFLS81onRanMFWh6osiDk/qOx4yG8fUs4P2CKCdUBhkXMZ
SRMr8T4qilNx+jyr9pEusBLIznjgTE+TiJUUYhzSq+hkGZ2MKhXF43JAvWWFmKFR
L0iFpruY54S53aNVHSG5a1Uk0x5dxzi3XE48GvmUW3VB/jJsJVYgBD2D67D6c+m9
wnrnDfExx4GVM9faaoMvxso1ahWHecuphqeho+/y3/QftlRelHHnzQmO15rdezaE
kCD9+duoxvzkRja7EfTQ4l3BUc1D9eRpOA1iv6ntlZBjpgAGeoJSipI+wpUZ9PjG
QqJf2IPc21i1N2Me/kdovA+1rRfVHIOBLDGZ6Ms4sqUMaWAXgr3wZ0HQGD6B91ws
srildeaW0Y5Ivx8YJwudhIhIbBJYd1lqUyDM+yrsH83Gt5u0FkJrAC9wLpEJgGj7
pH4YhR8tFZCgHAhIaJmBn4aLJ/H2Yq33UfUf+bmgZEQZEUQQrhpFFi8saSVuc0+O
vv+LuCowAD65vRyg49mDTHXVtGg6/mxl5kAtTU24jxw84PCvLFBtRkYozUmjzA+E
2NlSd00a+dnzICBygJMV
=w6xH
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic