AVG-140 log
| Package | openssl |
| Status | Not affected |
| Severity | Medium |
| Type | private key recovery |
| Affected | 1.0.2.j-1 |
| Fixed | Not affected |
| Current | 3.6.0-1 [core] |
| Ticket | None |
| Created | Sun Jan 15 07:25:41 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-7056 | Medium | No | Private key recovery | The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized... |
| Notes |
|---|
fixed in 1.0.2 |