[exo762]

There is a patch for that in GnuPG, available in both Debian and Ubuntu. Update your machines :)

FLOSS is amazing. One day since research paper and your machines are already patched. This means that probably no one had enough time to actually use this attack vector in the wild.

[JoeAltmaier]

I wonder how the patch was vetted. And what it costs- more CPU time? Slower decryption by what factor? Or does it just defeat the current technique, requiring new measurements to pin down THIS code's characteristic sounds.