Accepting request 711377 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Fixed env-script-interpreter in cavs_driver.pl - Security fix: [bsc#1138939, CVE-2019-12904] * The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) * Added patches: - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch - libgcrypt-CVE-2019-12904-GCM.patch - libgcrypt-CVE-2019-12904-AES.patch OBS-URL: https://build.opensuse.org/request/show/711377 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=127
2019-06-25 12:49:02 +00:00
parent 61eeda1b5c
commit 02d04cf4ae
6 changed files with 597 additions and 4 deletions
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Jun 21 16:53:07 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Fixed env-script-interpreter in cavs_driver.pl
+
+-------------------------------------------------------------------
+Fri Jun 21 16:39:00 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Security fix: [bsc#1138939, CVE-2019-12904]
+  * The C implementation of AES is vulnerable to a flush-and-reload
+    side-channel attack because physical addresses are available to
+    other processes. (The C implementation is used on platforms where
+    an assembly-language implementation is unavailable.)
+  * Added patches:
+    - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
+    - libgcrypt-CVE-2019-12904-GCM.patch
+    - libgcrypt-CVE-2019-12904-AES.patch
+
 -------------------------------------------------------------------
 Fri Apr 26 06:47:45 UTC 2019 - Jason Sikes <jsikes@suse.de>