On 2018-04-16 20:51:26 [+0200], Salvatore Bonaccorso wrote: > Severity: important … > CVE-2018-0737[0]: > | The OpenSSL RSA Key generation algorithm has been shown to be > | vulnerable to a cache timing side channel attack. An attacker with > | sufficient access to mount cache timing attacks during the RSA key > | generation process could recover the private key. Fixed in OpenSSL > | 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev > | (Affected 1.0.2b-1.0.2o). > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
do you want me to go ahead and prepare an upload? Upstream said that they won't prepare a new release because it is classified with severity low (yet it is filled here as important). > Regards, > Salvatore Sebastian