On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote:
> Are there any more packages needing attention?

libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
to the bundled copy in Dropbear. I can take a look at this today.

NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a by
Marius. Thanks, Marius!

The advisory mentions similar but not indentical issues in these
packages:

There is a new release of Crypto++ available. I'm not sure if this
addresses whatever issue was mentioned in the original advisory.

mbedTLS's changelog doesn't mention anything related to key extraction
side channels.

I don't see any related commits in Go's crypto/tls Git repo.