|
Message-ID: <51F2C779.1040002@redhat.com> Date: Fri, 26 Jul 2013 13:01:13 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Thijs Kinkhorst <thijs@...ian.org>, wk@...pg.org Subject: Re: CVE request: GnuPG side-channel attack on RSA secret keys -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/25/2013 05:38 AM, Thijs Kinkhorst wrote: > Hi list, > > I'd like to request a CVE name for the side channel attack > described in attached release announcements of GnuPG and Libgrypt. > > > Thanks, Thijs Quick note: even though the code has been split out (e.g. gpg, gpg+libgcrypt) I'm treating it as a single code base for the purposes of CVE assignment. Please use CVE-2013-4242 for this issue. Also Werner if you want to get CVE's in advance of announcements for security issues I would be happy to pre-assign them to you. Email me for details or check out: https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html This of course goes for any other projects that want to get CVEs in advance. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR8sd5AAoJEBYNRVNeJnmTMbkP/1+d5l1sdXKhYu3Ta1dtBdTl JRf6qg9zbBghrEczxH8WTMuLyshwGuzPL2UH8eWQJoRQP7hzOi54hsHKXHnUtLUl FrFqiaaf8v0lHzyPbgJFLS81onRanMFWh6osiDk/qOx4yG8fUs4P2CKCdUBhkXMZ SRMr8T4qilNx+jyr9pEusBLIznjgTE+TiJUUYhzSq+hkGZ2MKhXF43JAvWWFmKFR L0iFpruY54S53aNVHSG5a1Uk0x5dxzi3XE48GvmUW3VB/jJsJVYgBD2D67D6c+m9 wnrnDfExx4GVM9faaoMvxso1ahWHecuphqeho+/y3/QftlRelHHnzQmO15rdezaE kCD9+duoxvzkRja7EfTQ4l3BUc1D9eRpOA1iv6ntlZBjpgAGeoJSipI+wpUZ9PjG QqJf2IPc21i1N2Me/kdovA+1rRfVHIOBLDGZ6Ms4sqUMaWAXgr3wZ0HQGD6B91ws srildeaW0Y5Ivx8YJwudhIhIbBJYd1lqUyDM+yrsH83Gt5u0FkJrAC9wLpEJgGj7 pH4YhR8tFZCgHAhIaJmBn4aLJ/H2Yq33UfUf+bmgZEQZEUQQrhpFFi8saSVuc0+O vv+LuCowAD65vRyg49mDTHXVtGg6/mxl5kAtTU24jxw84PCvLFBtRkYozUmjzA+E 2NlSd00a+dnzICBygJMV =w6xH -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.