Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt
index 017f7b1..763533c 100644
--- a/ChangeLog.d/fix-Marvin-attack.txt
+++ b/ChangeLog.d/fix-Marvin-attack.txt
@@ -1,6 +1,8 @@
Security
- * Fix a timing side channel in RSA private operations. This side channel
- could be sufficient for a local attacker to recover the plaintext. It
- requires the attacker to send a large number of messages for decryption.
- For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario.
- Reported by Hubert Kario, Red Hat.
+ * Fix a timing side channel in private key RSA operations. This side channel
+ could be sufficient for an attacker to recover the plaintext. A local
+ attacker or a remote attacker who is close to the victim on the network
+ might have precise enough timing measurements to exploit this. It requires
+ the attacker to send a large number of messages for decryption. For
+ details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
+ by Hubert Kario, Red Hat.