diff options
authorNIIBE Yutaka <[email protected]>2021-11-10 11:45:17 +0900
committerNIIBE Yutaka <[email protected]>2021-11-10 11:46:18 +0900
commitb118681ebc4c9ea4b9da79b0f9541405a64f4c13 (patch)
parent7f2fbbcdce46fbc52a634fa461b1e3b55aa5948b (diff)
doc: Fix NEWS entry to refer CVE-2021-40528.LIBGCRYPT-1.9-BRANCH
-- Timeline: (1) T5328 is created for https://eprint.iacr.org/2021/923.pdf (2) Firstly, we handled the side channel attack. (3) The libgcrypt team decided that the side channel attack is not worth for CVE assignment. Nevertheless, I pushed the change to mitigate the attack. It is included in libgcrypt 1.9.3, but not in 1.8 series. It is handled as an improvement of implementation. (4) Secondly, we handled the cross-configuration attack. I requested an assignement of CVE from MITRE and it's CVE-2021-33560. When I requested the assignment, it was specifically for the cross-configuration attack. (5) I pushed the change for the problem. It is included in libgcrypt 1.8.8 and libgcrypt 1.9.4. (6) The author got a CVE independently, it's CVE-2021-40528. Now, CVE-2021-40528 refers the cross configuration attack. And CVE-2021-33560 refers the side channel attack, unfortunately. To fix confusion, we change the entry to refer CVE-2021-40528. Signed-off-by: NIIBE Yutaka <[email protected]>
1 files changed, 1 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index aa95f192..3a9566ca 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Noteworthy changes in version 1.9.4 (2021-08-22) [C23/A3/R4]
* Bug fixes:
- Fix Elgamal encryption for other implementations.
- [#5328,CVE-2021-33560]
+ [#5328,CVE-2021-40528]
- Fix alignment problem on macOS. [#5440]