Candidate: CVE-2013-5915
PublicDate: 2013-10-04 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5915
 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
 http://secunia.com/advisories/55084
 http://osvdb.org/98049
Description:
 The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly
 perform Montgomery multiplication, which might allow remote attackers to
 conduct a timing side-channel attack and retrieve RSA private keys.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725359
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_polarssl:
upstream_polarssl: released (1.2.9)
lucid_polarssl: ignored (reached end-of-life)
precise_polarssl: ignored (reached end-of-life)
precise/esm_polarssl: DNE (precise was needs-triage)
quantal_polarssl: ignored (reached end-of-life)
raring_polarssl: ignored (reached end-of-life)
saucy_polarssl: ignored (reached end-of-life)
trusty_polarssl: not-affected (1.3.4-1)
trusty/esm_polarssl: DNE (trusty was not-affected [1.3.4-1])
utopic_polarssl: not-affected (1.3.4-1)
vivid_polarssl: not-affected (1.3.4-1)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
wily_polarssl: not-affected (1.3.4-1)
xenial_polarssl: DNE
yakkety_polarssl: DNE
zesty_polarssl: DNE
devel_polarssl: DNE

Patches_mbedtls:
upstream_mbedtls: released (1.2.9)
precise_mbedtls: DNE
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
wily_mbedtls: DNE
xenial_mbedtls: not-affected (1.3.4-1)
yakkety_mbedtls: not-affected (1.3.4-1)
zesty_mbedtls: not-affected (1.3.4-1)
devel_mbedtls: not-affected (1.3.4-1)