Bug#1059393: ABACuS arXiv.2310.09977

To: 1059393@bugs.debian.org
Cc: Boud Roukema <bouddebbug@cosmo.torun.pl>
Subject: Bug#1059393: ABACuS arXiv.2310.09977
From: Boud Roukema <bouddebbug@cosmo.torun.pl>
Date: Tue, 26 Dec 2023 12:03:36 +0100 (CET)
Message-id: <[🔎] 634462b5-571c-87ce-db5f-51838358be49@cosmo.torun.pl>
Reply-to: Boud Roukema <bouddebbug@cosmo.torun.pl>, 1059393@bugs.debian.org
References: <[🔎] 170342355990.3582010.6052187184833968520.reportbug@eldamar.lan>

hi openssh maintainers,

There's a proposed mitigation for CVE-2023-51767 with ABACuS:

https://arxiv.org/abs/2310.09977

https://github.com/CMU-SAFARI/ABACuS

Something on this should probably be added to the "Notes" at
https://security-tracker.debian.org/tracker/CVE-2023-51767 .

Disclaimer: I just saw the citation - I have no expertise in checking
the validity of the exploit or the mitigation.

Cheers
Boud

PS: Conspiracy theory (numerology): this bug number is 105000 +
101*93, while the ArXiv ID after YYMM is 101*97. Common to
both is 101*p where p is a prime and p < 100 . ;)

Reply to:

Follow-Ups:
- Bug#1059393: ABACuS arXiv.2310.09977
  - From: Colin Watson <cjwatson@debian.org>

References:
- Bug#1059393: openssh: CVE-2023-51767
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#1059393: openssh: CVE-2023-51767
Next by Date: Bug#774411:
Previous by thread: Bug#1059393: openssh: CVE-2023-51767
Next by thread: Bug#1059393: ABACuS arXiv.2310.09977
Index(es):
- Date
- Thread