On 04.03.19 at 16:33, Sylvain Beucler wrote:
[...]
> I see this as a strong signal that we should not attempt to backport the
> fix, and go with a <no-dsa> (minor).
>
> Alternatively we could upgrade nettle (libnettle4->libnettle6) which
> doesn't break gnutls28's test suite, though it's likely to introduce
> other issues (e.g. #789119).
>
> Thoughts?
>
> Cheers!
> Sylvain
>

I also worked on nettle/gnutls26 for Wheezy. There are too many changes and just backporting rsa_sec_decrypt in nettle would be an incomplete fix for CVE-2018-16869 because they introduced more hardening against those side-channel attacks in other functions. An upgrade of nettle would require a rebuild of all reverse-dependencies and that is probably too intrusive.

Regards,

Markus