Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: float a9cfb8c2 from openssl (CVE-2018-0734)
Low severity timing vulnerability in the DSA signature algorithm Publicly disclosed but unreleased, pending OpenSSL 1.1.0j Ref: openssl/openssl#7486 Ref: https://www.openssl.org/news/secadv/20181030.txt PR-URL: https://github.com/nodejs/node/pull/??? Upstream: openssl/openssl@a9cfb8c2 Original commit message: Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack. Thanks due to Samuel Weiser for finding and locating this. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl/openssl#7486) PR-URL: #23965 Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information