deps: float 26d7fce1 from openssl (CVE-2018-0734 follow-on) #24353
Commits on Nov 14, 2018
-
deps: float 26d7fce1 from openssl (CVE-2018-0734 follow-on)
The fix for CVE-2018-0734, floated in 213c7d2, failed to include a constant-time calculation for one of the variables. This introduces a fix for that. Ref: openssl/openssl#7549 Upstream: openssl/openssl@26d7fce1 Original commit message: Add a constant time flag to one of the bignums to avoid a timing leak. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl/openssl#7549) (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.