Fabre

#1059310 libcrypto++: CVE-2023-50979 #1059310

Package:: src:libcrypto++

Source:: src:libcrypto++

Submitter:: Moritz Mühlenhoff

Date:: 2023-12-22 20:09:43 UTC

Severity:: normal

Tags:

#1059310#5

Date:: 2023-12-22 13:36:33 UTC

From:

To:

Hi,

The following vulnerability was published for libcrypto++.

CVE-2023-50979[0]:
| Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel
| during decryption with PKCS#1 v1.5 padding.

https://github.com/weidai11/cryptopp/issues/1247


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50979
https://www.cve.org/CVERecord?id=CVE-2023-50979

Please adjust the affected versions in the BTS as needed.

#1059310 libcrypto++: CVE-2023-50979 #1059310

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)