Format: 1.8 Date: Tue, 06 Apr 2021 11:20:32 -0400 Source: nettle Binary: libhogweed6 libnettle8 nettle-bin nettle-dev Built-For-Profiles: noudeb Architecture: amd64 Version: 3.7-2.1ubuntu1 Distribution: hirsute-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed6 - low level cryptographic library (public-key cryptos) libnettle8 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.7-2.1ubuntu1) hirsute; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-5.patch: analogous fix to ecc_gostdsa_verify in ecc-gostdsa-verify.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in gostdsa_vko in gostdsa-vko.c. - debian/libhogweed6.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: 5252c3f00e9bb99b22901fb044038395627f5189 185296 libhogweed6-dbgsym_3.7-2.1ubuntu1_amd64.ddeb 55c4bae5c6c459c1eae9103db61205f90b1aa52b 195188 libhogweed6_3.7-2.1ubuntu1_amd64.deb 31c0051ae6ef7a8f1071aca81182f1996865a85b 256000 libnettle8-dbgsym_3.7-2.1ubuntu1_amd64.ddeb 282d79da0e999c131b5043ab8605c1eb44e772e2 146292 libnettle8_3.7-2.1ubuntu1_amd64.deb 8ff7b4d9a736371c15f7b3d622aaaf6ea8b5c33a 93052 nettle-bin-dbgsym_3.7-2.1ubuntu1_amd64.ddeb d83e6c8852ddf5122e3f48a9adc73cee129ed731 25496 nettle-bin_3.7-2.1ubuntu1_amd64.deb 27f3fd5dfb11609b72b95c488d000b891226aee1 1118068 nettle-dev_3.7-2.1ubuntu1_amd64.deb cf167e3e0afb2644c7dafceecd6e581cac072f50 7722 nettle_3.7-2.1ubuntu1_amd64.buildinfo Checksums-Sha256: 209942aa3aac42a7af8891e920aa43fab5ea97c6d1a7a43a11f88327319d4079 185296 libhogweed6-dbgsym_3.7-2.1ubuntu1_amd64.ddeb b2d23fb641a317e4e89332572e3a451e77f9d7fb8d82dba96ac78a4904b3dc6c 195188 libhogweed6_3.7-2.1ubuntu1_amd64.deb c50250b3d3974f169e0f9e262aed5b6a471e31688154629f3ac0ad25dbb3f0d9 256000 libnettle8-dbgsym_3.7-2.1ubuntu1_amd64.ddeb a26c85b514cdcccd04d22534b1ff0d5869d87c0674b646c117476393433b38fe 146292 libnettle8_3.7-2.1ubuntu1_amd64.deb 3e73949a564d1d829a15ba81aa432254f23c319d44462ce5e142388c937c3146 93052 nettle-bin-dbgsym_3.7-2.1ubuntu1_amd64.ddeb d2f23032cedfd896b8f5ab99180112bafec5890f9783f7e931d634d998d0d2ea 25496 nettle-bin_3.7-2.1ubuntu1_amd64.deb a2785139eec87c8a3a457cf2a6d8d61dace820971492993166667339b6060f38 1118068 nettle-dev_3.7-2.1ubuntu1_amd64.deb 1c8679374952e8c430b623d47ad283ac23668310ea3e7b6d0e9e8a5e8d626799 7722 nettle_3.7-2.1ubuntu1_amd64.buildinfo Files: a168669c339b3ee07ac66e570235551a 185296 debug optional libhogweed6-dbgsym_3.7-2.1ubuntu1_amd64.ddeb a6b78cd97f96f00d0ab789069c80de4b 195188 libs optional libhogweed6_3.7-2.1ubuntu1_amd64.deb 5473b80f12b45292874d226e02561816 256000 debug optional libnettle8-dbgsym_3.7-2.1ubuntu1_amd64.ddeb bd1185d006ed9777d3719471d24f9a42 146292 libs optional libnettle8_3.7-2.1ubuntu1_amd64.deb 686f71d548b687f92e3c8c8885abec36 93052 debug optional nettle-bin-dbgsym_3.7-2.1ubuntu1_amd64.ddeb 20faebd0ae087e082c7c96a732a62e45 25496 misc optional nettle-bin_3.7-2.1ubuntu1_amd64.deb c58a3eece7450e5c5b254eea3b9f23a4 1118068 libdevel optional nettle-dev_3.7-2.1ubuntu1_amd64.deb 86b62672adf404d2f6117fbde067e7a8 7722 libs optional nettle_3.7-2.1ubuntu1_amd64.buildinfo Original-Maintainer: Magnus Holmgren