I'm working on CVE-2018-16868/CVE-2018-16869, a side-channel attack that
affects gnutls and nettle, disclosed 2018-12, tagged low/local.
Unlike what I read in data/CVE/list, I understand that the nettle fix is
not just a new function - it's a rewrite of the RSA functions,
complemented by a new 'rsa_sec_decrypt' function.
Consequently the diff is large, and based on a new major version
(conflicts, missing files).
I note that the patch was written by RedHat (Simo Sorce), and that
gnutls is also maintained by a RedHat employee (Nikos Mavrogiannopoulos).
Despite this, RHEL (all releases) issued a "Will not fix" for both:
It's not in EPEL either after 3 months:
I see this as a strong signal that we should not attempt to backport the
fix, and go with a <no-dsa> (minor).
Alternatively we could upgrade nettle (libnettle4->libnettle6) which
doesn't break gnutls28's test suite, though it's likely to introduce
other issues (e.g. #789119).