Candidate: CVE-2016-3995
PublicDate: 2017-02-13 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3995
 http://www.openwall.com/lists/oss-security/2016/04/10/6
Description:
 The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and
 Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4
 may be optimized out by the compiler, which allows attackers to conduct
 timing attacks.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/weidai11/cryptopp/issues/146
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_libcrypto++:
upstream_libcrypto++: released (5.6.3-6)
precise_libcrypto++: ignored (reached end-of-life)
precise/esm_libcrypto++: DNE (precise was needed)
trusty_libcrypto++: released (5.6.1-6+deb8u3build0.14.04.1)
trusty/esm_libcrypto++: released (5.6.1-6+deb8u3build0.14.04.1)
vivid/stable-phone-overlay_libcrypto++: DNE
vivid/ubuntu-core_libcrypto++: DNE
wily_libcrypto++: ignored (reached end-of-life)
xenial_libcrypto++: released (5.6.1-9ubuntu0.1)
yakkety_libcrypto++: not-affected (5.6.3-8)
zesty_libcrypto++: not-affected
artful_libcrypto++: not-affected
bionic_libcrypto++: not-affected
devel_libcrypto++: not-affected