Ola Lundqvist writes:
> However I was referring to the side-channel problem that was reported
> in the CVE and not to the unintended side-effect of the correction.
I see.
> Do you know a way to trigger the problem reported in the CVE, please
> let me know.
I'm afraid it's not so easy.
One app
Hi Niels
Thank you for the information.
// Ola
On Tue, Aug 9, 2016 at 3:32 PM, Niels Möller wrote:
> Ola Lundqvist writes:
>
>> However I was referring to the side-channel problem that was reported
>> in the CVE and not to the unintended side-effect of the correction.
>
> I see.
>
>> Do you kn
Hi Niels
Thank you for this instruction. Yes the modulo check is rather easy to
check. Definitely easier with your instruction than without.
However I was referring to the side-channel problem that was reported
in the CVE and not to the unintended side-effect of the correction.
Do you know a way
Ola Lundqvist writes:
> I have not tried to reproduce the potential side-channel issue as that one
> is rather hard to trigger. If anyone know about a tool for that, please let
> me know.
One basically has to patch a valid private key and clear the least
significant bit of p or q.
With lsh, se
Hi all
I have now prepared a build of nettle for wheezy, based on the patch that
Magnus prepared for me (thanks a lot for that!). You can find the debdiff
here:
http://apt.inguza.net/wheezy-security/nettle/nettle.debdiff
You can find the prepared packages here:
http://apt.inguza.net/wheezy-securi
Hi Andreas
It looks like you have managed without the context. I'm sorry that I was a
little too brief.
First thank you a lot for confirming that gnutls do not use nettle in
wheezy. This is very good to know as I can safely patch nettle without
considering gnutls usage of nettle. Thanks! It saves
On 2016-08-07 Ola Lundqvist wrote:
> On Sat, Aug 6, 2016 at 8:40 PM, Niels Möller wrote:
>> Ola Lundqvist writes:
>>> Magnus, Niels and I have been discussing the nettle update due to
>>> https://security-tracker.debian.org/tracker/CVE-2016-6489
>> Please note that some coordinatoino with gnutl
Hi Niels and gnutls maintainers
I do not think coordination with gnutls is needed. I can not see that
gnutls depend on nettle in wheezy.
I can see that it can potentially do that, but I do not think it do.
There are no dependencies declared on nettle library and from unstable
changelog it looks l
Ola Lundqvist writes:
> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489
Please note that some coordinatoino with gnutls may be needed, to avoid
a denial-of-service problem involving invalid private keys.
> I suggest s
fredagen den 5 augusti 2016 22.16.29 skrev Ola Lundqvist:
> Hi Magnus and LTS team
>
> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489
>
> Magnus has started to prepare a wheezy update but had a few
> questions. Here a
Hi Magnus
You are of course welcome to improve the language in the changelog. :-)
I should probably have put quite marks to clarify the language, that the
text after the CVE number is a part of the CVE name.
Like this:
Protect against potential timing attacks against exponentiation operations
as
Hi Magnus and LTS team
Magnus, Niels and I have been discussing the nettle update due to
https://security-tracker.debian.org/tracker/CVE-2016-6489
Magnus has started to prepare a wheezy update but had a few
questions. Here are some information that you should know about.
https://wiki.debian.org/L
12 matches
Mail list logo
