Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2

To: László Böszörményi <gcs@debian.org>, 821835@bugs.debian.org
Subject: Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 19 Apr 2016 20:27:48 +0100
Message-id: <[🔎] 1461094068.14019.40.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 821835@bugs.debian.org
In-reply-to: <[🔎] CAKjSHr3aCMVKvDnYjKJQo6yRO_R_mSLXT6H8L4k_z5nLmDgwAw@mail.gmail.com>
References: <[🔎] CAKjSHr3aCMVKvDnYjKJQo6yRO_R_mSLXT6H8L4k_z5nLmDgwAw@mail.gmail.com>

Control: tags -1 + confirmed

On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote:
> There's a vulnerability in Crypto++, the C++ class library of
> cryptographic schemes.
> It's CVE-2016-3995, bogus protection from timing attacks in AES
> (Rijndael) cipher. GCC could optimize the protection out. The patch
> (already in Sid + Stretch) prevents this. It's minor for a security
> update, but can be enough for a normal package update.

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
  - From: László Böszörményi (GCS) <gcs@debian.org>

References:
- Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
  - From: László Böszörményi (GCS) <gcs@debian.org>

Prev by Date: Processed: Re: Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
Next by Date: Processed: Re: Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Previous by thread: Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Next by thread: Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Index(es):
- Date
- Thread