Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • R3_8_2_patches
  • 3.10.x
  • R3_9_maintenance
  • R3_8_1_patches
  • R3_7_2_patches
  • R3_7_1_patches
  • R3_6_3_patches
  • R3_6_2_patches
  • R3_6_maintenance
  • R3_2_5_patches
  • R3_6_0_patches
  • R3_5_2_patches
  • R3_4_2_patches
  • R3_5_1_patches
  • R3_4_1_patches
  • R3_2_5_1_patches
  • R3_3_2_patches
  • ccc_Git
  • R3_4_0_patches
  • R3_37
  • R3_29
  • R3_30
  • R3_31
  • R3_32
  • R3_36
  • R3_22
  • R3_23
  • R3_24
  • R3_25
  • R3_18
  • R3_19
  • R3_21
  • R3_13
  • R3_14
  • 3.10.0
  • R3_9_0
  • R3_6_1
  • R3_6_maintenance
  • v201406201440
40 results
Compare
user avatar
libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
Marta Rybczynska authored 
This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).

In this commit we add a fix for (*) that wasn't marked as a CVE
initially in the upstream. A fix of (**) available in Yocto
backport is in fact fixing CVE-2021-40528, not CVE-2021-33560
as marked in the commit message.

We commit the accual fix for CVE-2021-33560 and whitelist
CVE-2021-40528 until we rename the patch upstream.

For details of the mismatch and the timeline see [2] (fix of the
documentation) and [3] (the related ticket upstream).

[1] https://eprint.iacr.org/2021/923.pdf
[2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
[3] https://dev.gnupg.org/T5328#149606



Signed-off-by: default avatarMarta Rybczynska <marta.rybczynska@huawei.com>
3c8832f8
History
user avatar 3c8832f8
History
Name Last commit Last update

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent