[Bug 1915906] Re: Ensure SRP BN_mod_exp follows the constant time path
Viacheslav
1915906 at bugs.launchpad.net
Mon Aug 2 17:29:55 UTC 2021
the fix is available in ubuntu/hirsute and higher, could you please
answer how high is the chance to see it backported to ubuntu/focal?
https://git.launchpad.net/ubuntu/+source/openssl/diff/crypto/srp/srp_lib.c?id=49aeae384e37deee3292e3f7da1dce5e417769ea
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1915906
Title:
Ensure SRP BN_mod_exp follows the constant time path
Status in openssl package in Ubuntu:
Confirmed
Bug description:
Hello,
I'd like to point out that there are two fixes missing from the
upstream, is there any chance to get them incorporated?
https://github.com/openssl/openssl/pull/13888
https://github.com/openssl/openssl/pull/13889
There was no CVE assigned, it was fixed between 1.1.1i and 1.1.1j.
Best regards
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1915906/+subscriptions
More information about the foundations-bugs
mailing list