Control: tags -1 + confirmed On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote: > There's a vulnerability in Crypto++, the C++ class library of > cryptographic schemes. > It's CVE-2016-3995, bogus protection from timing attacks in AES > (Rijndael) cipher. GCC could optimize the protection out. The patch > (already in Sid + Stretch) prevents this. It's minor for a security > update, but can be enough for a normal package update.
Please go ahead. Regards, Adam
