[Bug 1915906] Re: Ensure SRP BN_mod_exp follows the constant time path
Adrien Nader
1915906 at bugs.launchpad.net
Thu Jun 15 07:53:59 UTC 2023
I forgot to mention the outcome of the discussion: we're following
openssl's own threat model here so there is no plan to patch and SRU
that.
** Changed in: openssl (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1915906
Title:
Ensure SRP BN_mod_exp follows the constant time path
Status in openssl package in Ubuntu:
Won't Fix
Bug description:
Hello,
I'd like to point out that there are two fixes missing from the
upstream, is there any chance to get them incorporated?
https://github.com/openssl/openssl/pull/13888
https://github.com/openssl/openssl/pull/13889
There was no CVE assigned, it was fixed between 1.1.1i and 1.1.1j.
Best regards
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1915906/+subscriptions
More information about the foundations-bugs
mailing list