CVE-2019-12904 and the next libgcrypt release.

Werner Koch wk at gnupg.org
Tue Jul 2 13:37:05 CEST 2019


On Wed, 26 Jun 2019 18:13, asif.haswarey at intel.com said:

> I was wondering if the vulnerability has been determined to be
> legitimate and if we will see a new release with this vulnerability

Not yet and thus don't see a reason for any immediate action.  In fact,
static tables are very common in crypto software and thus many more AES
implementations would be affected.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20190702/fc5c2e3a/attachment.sig>


More information about the Gcrypt-devel mailing list