package/cryptopp: security bump to version 8.6.0 (d7141377) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit d7141377 authored Sep 24, 2021 by Fabrice Fontaine Committed by Yann E. MORIN Sep 25, 2021

package/cryptopp: security bump to version 8.6.0

This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a work
estimate to size encryption exponents instead subgroup order. The
ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The
ChaCha20 issue was difficult to duplicate, so most users should not
experience it.

https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_6_0



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent 60f991e6

Hide whitespace changes

Inline Side-by-side

Please register or to comment