nettle 3.6-2ubuntu0.1 source package in Ubuntu
Changelog
nettle (3.6-2ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: Out of Bound memory access in signature verification
- debian/patches/CVE-2021-20305-1.patch: new functions
ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
- debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
point comparison in eddsa-verify.c.
- debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
- debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
canonically reduced in ecc-ecdsa-sign.c.
- debian/patches/CVE-2021-20305-5.patch: analogous fix to
ecc_gostdsa_verify in ecc-gostdsa-verify.c.
- debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
eddsa-hash.c.
- debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in
gostdsa_vko in gostdsa-vko.c.
- debian/libhogweed6.symbols: added new symbols.
- CVE-2021-20305
-- Marc Deslauriers <email address hidden> Tue, 06 Apr 2021 11:57:28 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| nettle_3.6.orig.tar.gz | 2.2 MiB | d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1 |
| nettle_3.6.orig.tar.gz.asc | 573 bytes | f0ee81d3120bb85ce2adee753568f68361d33b3fe363b6a15462b06bb9518ad1 |
| nettle_3.6-2ubuntu0.1.debian.tar.xz | 25.2 KiB | 5c64076107208020366362e8a3f8ee1347adf0eea750d4938eefcd1f71b373f6 |
| nettle_3.6-2ubuntu0.1.dsc | 2.3 KiB | 5069e2ea8f95466b98dcc7b59bb79475b3940197fed7d594bfe7389f86ae929b |
Available diffs
Binary packages built by this source
- libhogweed6: No summary available for libhogweed6 in ubuntu groovy.
No description available for libhogweed6 in ubuntu groovy.
- libhogweed6-dbgsym: No summary available for libhogweed6-dbgsym in ubuntu groovy.
No description available for libhogweed6-dbgsym in ubuntu groovy.
- libnettle8: No summary available for libnettle8 in ubuntu groovy.
No description available for libnettle8 in ubuntu groovy.
- libnettle8-dbgsym: No summary available for libnettle8-dbgsym in ubuntu groovy.
No description available for libnettle8-dbgsym in ubuntu groovy.
- nettle-bin: No summary available for nettle-bin in ubuntu groovy.
No description available for nettle-bin in ubuntu groovy.
- nettle-bin-dbgsym: No summary available for nettle-bin-dbgsym in ubuntu groovy.
No description available for nettle-bin-dbgsym in ubuntu groovy.
- nettle-dev: No summary available for nettle-dev in ubuntu groovy.
No description available for nettle-dev in ubuntu groovy.
