Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 26 Jul 2013 13:01:13 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Thijs Kinkhorst <thijs@...ian.org>, wk@...pg.org
Subject: Re: CVE request: GnuPG side-channel attack on RSA
 secret keys

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2013 05:38 AM, Thijs Kinkhorst wrote:
> Hi list,
> 
> I'd like to request a CVE name for the side channel attack
> described in attached release announcements of GnuPG and Libgrypt.
> 
> 
> Thanks, Thijs

Quick note: even though the code has been split out (e.g. gpg,
gpg+libgcrypt) I'm treating it as a single code base for the purposes
of CVE assignment.

Please use CVE-2013-4242  for this issue.

Also Werner if you want to get CVE's in advance of announcements for
security issues I would be happy to pre-assign them to you. Email me
for details or check out:

https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

This of course goes for any other projects that want to get CVEs in
advance.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR8sd5AAoJEBYNRVNeJnmTMbkP/1+d5l1sdXKhYu3Ta1dtBdTl
JRf6qg9zbBghrEczxH8WTMuLyshwGuzPL2UH8eWQJoRQP7hzOi54hsHKXHnUtLUl
FrFqiaaf8v0lHzyPbgJFLS81onRanMFWh6osiDk/qOx4yG8fUs4P2CKCdUBhkXMZ
SRMr8T4qilNx+jyr9pEusBLIznjgTE+TiJUUYhzSq+hkGZ2MKhXF43JAvWWFmKFR
L0iFpruY54S53aNVHSG5a1Uk0x5dxzi3XE48GvmUW3VB/jJsJVYgBD2D67D6c+m9
wnrnDfExx4GVM9faaoMvxso1ahWHecuphqeho+/y3/QftlRelHHnzQmO15rdezaE
kCD9+duoxvzkRja7EfTQ4l3BUc1D9eRpOA1iv6ntlZBjpgAGeoJSipI+wpUZ9PjG
QqJf2IPc21i1N2Me/kdovA+1rRfVHIOBLDGZ6Ms4sqUMaWAXgr3wZ0HQGD6B91ws
srildeaW0Y5Ivx8YJwudhIhIbBJYd1lqUyDM+yrsH83Gt5u0FkJrAC9wLpEJgGj7
pH4YhR8tFZCgHAhIaJmBn4aLJ/H2Yq33UfUf+bmgZEQZEUQQrhpFFi8saSVuc0+O
vv+LuCowAD65vRyg49mDTHXVtGg6/mxl5kAtTU24jxw84PCvLFBtRkYozUmjzA+E
2NlSd00a+dnzICBygJMV
=w6xH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.