CVE-2019-12904 and the next libgcrypt release.
Andreas Metzler
ametzler at bebt.de
Sun Jun 23 18:17:34 CEST 2019
On 2019-06-23 Werner Koch via Gcrypt-devel <gcrypt-devel at gnupg.org> wrote:
> On Fri, 21 Jun 2019 20:08, gcrypt-devel at gnupg.org said:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904
> See https://dev.gnupg.org/T4541 where I commented:
> Andreas, I wonder on which grounds you assigned a CVE for this claimed
> side-channel attack. The mentioned paper is about an old RSA
> side-channel and not on AES. I would like to see more facts than the
> reference to a guy who "knows PPC pretty well".
Hello Werner,
I did not assign (or request) the CVE, I just did a little bit of
housekeeping, adding a pointer to the CVE number in the bug report. ;-)
cu Andreas
More information about the Gcrypt-devel
mailing list