Ubuntu
nettle package

nettle 3.7-2.1ubuntu1 source package in Ubuntu

Changelog

nettle (3.7-2.1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Out of Bound memory access in signature verification
    - debian/patches/CVE-2021-20305-1.patch: new functions
      ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
      curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
      ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
    - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
      point comparison in eddsa-verify.c.
    - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
      ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
    - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
      canonically reduced in ecc-ecdsa-sign.c.
    - debian/patches/CVE-2021-20305-5.patch: analogous fix to
      ecc_gostdsa_verify in ecc-gostdsa-verify.c.
    - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
      eddsa-hash.c.
    - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in
      gostdsa_vko in gostdsa-vko.c.
    - debian/libhogweed6.symbols: added new symbols.
    - CVE-2021-20305

 -- Marc Deslauriers <email address hidden>  Tue, 06 Apr 2021 11:20:32 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Hirsute
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
nettle_3.7.orig.tar.gz 2.3 MiB f001f64eb444bf13dd91bceccbc20acbc60c4311d6e2b20878452eb9a9cec75a
nettle_3.7.orig.tar.gz.asc 573 bytes 1f5ed81582441eb4d953ef8666521ebc349f41f7dde5e11cb0845a2c049941b1
nettle_3.7-2.1ubuntu1.debian.tar.xz 35.0 KiB 4036d43567a99d15fb962f29aea0f8bf537b4133a0c09032df8c3989139baf69
nettle_3.7-2.1ubuntu1.dsc 2.3 KiB 3668d67bd73eff9880b94ba03a4ff1968294f57d8d4a79a50e0e2935e840de74

View changes file

Binary packages built by this source

libhogweed6: No summary available for libhogweed6 in ubuntu impish.

No description available for libhogweed6 in ubuntu impish.

libhogweed6-dbgsym: No summary available for libhogweed6-dbgsym in ubuntu impish.

No description available for libhogweed6-dbgsym in ubuntu impish.

libnettle8: No summary available for libnettle8 in ubuntu impish.

No description available for libnettle8 in ubuntu impish.

libnettle8-dbgsym: No summary available for libnettle8-dbgsym in ubuntu impish.

No description available for libnettle8-dbgsym in ubuntu impish.

nettle-bin: No summary available for nettle-bin in ubuntu impish.

No description available for nettle-bin in ubuntu impish.

nettle-bin-dbgsym: No summary available for nettle-bin-dbgsym in ubuntu hirsute.

No description available for nettle-bin-dbgsym in ubuntu hirsute.

nettle-dev: No summary available for nettle-dev in ubuntu hirsute.

No description available for nettle-dev in ubuntu hirsute.