libgcrypt: solve CVE-2021-33560 and CVE-2021-40528 - linux/poky.git

diff options

author	Marta Rybczynska <rybczynska@gmail.com>	2021-12-06 08:15:43 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-12-14 22:49:22 +0000
commit	ec21b227cdd2508717f7c9d50b7fd6046a7fc1b0 (patch)
tree	f4ed15c199abd666e0a6118128bdd38dc540c208 /scripts/lib/scriptutils.py
parent	947e5ff11c56e1a8d0d7e7c4b6bad6ce913fd22b (diff)
download	poky-ec21b227cdd2508717f7c9d50b7fd6046a7fc1b0.tar.gz

libgcrypt: solve CVE-2021-33560 and CVE-2021-40528

This change fixes patches for two issues reported in a research paper [1]: a side channel attack (*) and a cross-configuration attack (**). In this commit we add a fix for (*) that wasn't marked as a CVE initially upstream. A fix of (**) previosly available in OE backports is in fact fixing CVE-2021-40528, not CVE-2021-33560 as marked in the commit message. We commit the accual fix for CVE-2021-33560 and rename the existing fix with the correct CVE-2021-40528. For details of the mismatch and the timeline see [2] (fix of the documentation) and [3] (the related ticket upstream). [1] https://eprint.iacr.org/2021/923.pdf [2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13 [3] https://dev.gnupg.org/T5328#149606 (From OE-Core rev: 0ce5c68933b52d2cfe9eea967d24d57ac82250c3) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: