author Jack Lloyd <[email protected]> 2018-12-19 09:05:07 -0500
committer Jack Lloyd <[email protected]> 2018-12-19 09:05:07 -0500
commit ae17d8a68215c22541ef04580e82a8a7d5b5d441 (patch)
tree 0965a630d9704285e96800730a33bf3c78358d46 /news.rst
parent d52602d9b2be7d74bd2e9251e203f4cae513293f (diff)
Update news
Diffstat (limited to 'news.rst')
-rw-r--r-- news.rst 4
1 files changed, 4 insertions, 0 deletions
diff --git a/news.rst b/news.rst
index 118b75ac6..999bbcd22 100644
--- a/news.rst
+++ b/news.rst
@@ -4,6 +4,10 @@ Release Notes
Version 2.9.0, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* CVE-2018-20187 Address a side channel during ECC key generation,
+ which used an unblinded Montgomery ladder. As a result, a timing
+ attack can reveal information about the high bits of the secret key.
+
* Fix bugs in TLS which caused negotiation failures when the client
used an unknown signature algorithm or version (GH #1711 #1709 #1708)
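
Review bot: In the added CVE-2018-20187 entry, the last sentence is in the present tense ("a timing attack can reveal information about the high bits of the secret key"), which reads as if the leak is still present after the fix; "could reveal" would match the past-tense "which used" earlier in the entry. The entry also has no GH reference, unlike the TLS entry directly below it (GH #1711 #1709 #1708), and it does not say what replaced the unblinded Montgomery ladder or which earlier releases are affected, so a reader cannot tell from the notes alone whether keys generated with an older version are a concern. Adding the issue number, the affected versions and a short description of the fix would cover that.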