
Security update of nettle



Hi Magnus and LTS team

Magnus, Niels and I have been discussing the nettle update due to 
https://security-tracker.debian.org/tracker/CVE-2016-6489

Magnus has started to prepare a wheezy update but had a few
questions. Here is some information that you should know about.
https://wiki.debian.org/LTS/Development

One question from Magnus was what should be mentioned in the changelog.
I suggest something like this:
"Protect against potential timing attacks against exponentiation operations as described in CVE-2016-6489 RSA code is vulnerable to cache sharing related attacks."

Magnus, please let me know if you want to upload the correction too and whether you want to issue the DLA or whether you want me to do that. We want to time the DLA and the upload so they are close to each other in time.

Magnus, if you decide to build the package for upload, please make sure to use the -sa option as wheezy-security needs to know about the orig tar file. If not, the package upload will be rejected.

Best regards

// Ola

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

