Publishing details

Created on 2021-04-11 by Ubuntu Archive Auto-Sync
Removed from disk on 2022-07-24.
Removal requested on 2022-07-23.
Published on 2021-04-11

Changelog

nettle (3.7-2.1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Out of Bound memory access in signature verification
    - debian/patches/CVE-2021-20305-1.patch: new functions
      ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
      curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
      ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
    - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
      point comparison in eddsa-verify.c.
    - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
      ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
    - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
      canonically reduced in ecc-ecdsa-sign.c.
    - debian/patches/CVE-2021-20305-5.patch: analogous fix to
      ecc_gostdsa_verify in ecc-gostdsa-verify.c.
    - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
      eddsa-hash.c.
    - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in
      gostdsa_vko in gostdsa-vko.c.
    - debian/libhogweed6.symbols: added new symbols.
    - CVE-2021-20305

 -- Marc Deslauriers <email address hidden>  Tue, 06 Apr 2021 11:20:32 -0400

Available diffs

diff from 3.7-2.1 (in Debian) to 3.7-2.1ubuntu1 (6.5 KiB)

Builds

Package files

libhogweed6-dbgsym_3.7-2.1ubuntu1_amd64.ddeb (181.0 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_arm64.ddeb (179.4 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_armhf.ddeb (167.6 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_i386.ddeb (139.3 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_ppc64el.ddeb (184.8 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb (175.0 KiB)
libhogweed6-dbgsym_3.7-2.1ubuntu1_s390x.ddeb (192.8 KiB)
libhogweed6_3.7-2.1ubuntu1_amd64.deb (190.6 KiB)
libhogweed6_3.7-2.1ubuntu1_arm64.deb (186.2 KiB)
libhogweed6_3.7-2.1ubuntu1_armhf.deb (178.5 KiB)
libhogweed6_3.7-2.1ubuntu1_i386.deb (192.5 KiB)
libhogweed6_3.7-2.1ubuntu1_ppc64el.deb (192.9 KiB)
libhogweed6_3.7-2.1ubuntu1_riscv64.deb (183.3 KiB)
libhogweed6_3.7-2.1ubuntu1_s390x.deb (188.7 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_amd64.ddeb (250.0 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_arm64.ddeb (267.0 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_armhf.ddeb (257.3 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_i386.ddeb (219.6 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_ppc64el.ddeb (335.5 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb (256.1 KiB)
libnettle8-dbgsym_3.7-2.1ubuntu1_s390x.ddeb (295.1 KiB)
libnettle8_3.7-2.1ubuntu1_amd64.deb (142.9 KiB)
libnettle8_3.7-2.1ubuntu1_arm64.deb (149.4 KiB)
libnettle8_3.7-2.1ubuntu1_armhf.deb (154.7 KiB)
libnettle8_3.7-2.1ubuntu1_i386.deb (157.1 KiB)
libnettle8_3.7-2.1ubuntu1_ppc64el.deb (175.1 KiB)
libnettle8_3.7-2.1ubuntu1_riscv64.deb (170.1 KiB)
libnettle8_3.7-2.1ubuntu1_s390x.deb (152.0 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_amd64.ddeb (90.9 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_arm64.ddeb (91.5 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_armhf.ddeb (90.9 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_i386.ddeb (86.6 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_ppc64el.ddeb (98.8 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb (90.0 KiB)
nettle-bin-dbgsym_3.7-2.1ubuntu1_s390x.ddeb (104.1 KiB)
nettle-bin_3.7-2.1ubuntu1_amd64.deb (24.9 KiB)
nettle-bin_3.7-2.1ubuntu1_arm64.deb (24.6 KiB)
nettle-bin_3.7-2.1ubuntu1_armhf.deb (22.7 KiB)
nettle-bin_3.7-2.1ubuntu1_i386.deb (26.4 KiB)
nettle-bin_3.7-2.1ubuntu1_ppc64el.deb (27.4 KiB)
nettle-bin_3.7-2.1ubuntu1_riscv64.deb (23.1 KiB)
nettle-bin_3.7-2.1ubuntu1_s390x.deb (26.5 KiB)
nettle-dev_3.7-2.1ubuntu1_amd64.deb (1.1 MiB)
nettle-dev_3.7-2.1ubuntu1_arm64.deb (1.1 MiB)
nettle-dev_3.7-2.1ubuntu1_armhf.deb (1.1 MiB)
nettle-dev_3.7-2.1ubuntu1_i386.deb (1.1 MiB)
nettle-dev_3.7-2.1ubuntu1_ppc64el.deb (1.1 MiB)
nettle-dev_3.7-2.1ubuntu1_riscv64.deb (1.2 MiB)
nettle-dev_3.7-2.1ubuntu1_s390x.deb (1.1 MiB)
nettle_3.7-2.1ubuntu1.debian.tar.xz (35.0 KiB)
nettle_3.7-2.1ubuntu1.dsc (2.3 KiB)
nettle_3.7.orig.tar.gz (2.3 MiB)
nettle_3.7.orig.tar.gz.asc (573 bytes)