author NIIBE Yutaka <gniibe@fsij.org> 2021-11-10 11:45:17 +0900
committer NIIBE Yutaka <gniibe@fsij.org> 2021-11-10 11:46:18 +0900
commit b118681ebc4c9ea4b9da79b0f9541405a64f4c13 (patch)
tree eebaf6ada0d7d16eb30bd89af624c2f58e70ba98
parent 7f2fbbcdce46fbc52a634fa461b1e3b55aa5948b (diff)
download libgcrypt-b118681ebc4c9ea4b9da79b0f9541405a64f4c13.tar.gz
doc: Fix NEWS entry to refer CVE-2021-40528. (LIBGCRYPT-1.9-BRANCH)

--

Timeline:

(1) T5328 is created for https://eprint.iacr.org/2021/923.pdf

(2) Firstly, we handled the side channel attack.

(3) The libgcrypt team decided that the side channel attack is not worth for CVE assignment. Nevertheless, I pushed the change to mitigate the attack. It is included in libgcrypt 1.9.3, but not in 1.8 series. It is handled as an improvement of implementation.

(4) Secondly, we handled the cross-configuration attack. I requested an assignment of CVE from MITRE and it's CVE-2021-33560. When I requested the assignment, it was specifically for the cross-configuration attack.

(5) I pushed the change for the problem. It is included in libgcrypt 1.8.8 and libgcrypt 1.9.4.

(6) The author got a CVE independently, it's CVE-2021-40528.

Now, CVE-2021-40528 refers the cross configuration attack. And CVE-2021-33560 refers the side channel attack, unfortunately.

To fix confusion, we change the entry to refer CVE-2021-40528.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r-- NEWS 2
1 files changed, 1 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index aa95f192..3a9566ca 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Noteworthy changes in version 1.9.4 (2021-08-22) [C23/A3/R4]
* Bug fixes:
- Fix Elgamal encryption for other implementations.
- [#5328,CVE-2021-33560]
+ [#5328,CVE-2021-40528]
- Fix alignment problem on macOS. [#5440]
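Review bot: Replacing `[#5328,CVE-2021-33560]` outright in the 1.9.4 "Fix Elgamal encryption for other implementations" entry removes every trace of the identifier that NEWS carried before this change, so anyone who tracked the fix under CVE-2021-33560 will no longer find it by searching NEWS. Since the commit message says CVE-2021-33560 was originally requested for this same cross-configuration fix, consider adding a short remark to the entry that it was previously listed under that ID, so both identifiers lead to the same fix. The message also says the fix shipped in 1.8.8, so it is worth checking whether the NEWS entry for that release needs the same correction; this hunk touches only the 1.9.4 section.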