aboutsummaryrefslogtreecommitdiffstats
path: root/doc/security.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security.rst')
-rw-r--r--doc/security.rst8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst
index 8e661c0ad..cd84997cc 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,6 +18,14 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
2018
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* 2018-06-13 (CVE-2018-0495): ECDSA side channel
+
+ A side channel in the ECDSA signature operation could allow a local attacker
+ to recover the secret key. Found by Keegan Ryan of NCC Group.
+
+ Fixed in 2.7.0. Due to a slight difference in code structure, versions before
+ 2.5.0 are not affected by this issue.
+
* 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption
An off by one error in TLS CBC decryption meant that for a particular