On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote: > Are there any more packages needing attention?
libtomcrypt version 1.18.2 includes a fix; we would need to adapt this to the bundled copy in Dropbear. I can take a look at this today. NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a by Marius. Thanks, Marius! The advisory mentions similar but not indentical issues in these packages: There is a new release of Crypto++ available. I'm not sure if this addresses whatever issue was mentioned in the original advisory. mbedTLS's changelog doesn't mention anything related to key extraction side channels. I don't see any related commits in Go's crypto/tls Git repo.
signature.asc
Description: PGP signature
