Format: 1.8 Date: Tue, 06 Apr 2021 11:20:32 -0400 Source: nettle Binary: libhogweed6 libnettle8 nettle-bin nettle-dev Built-For-Profiles: noudeb Architecture: arm64 Version: 3.7-2.1ubuntu1 Distribution: hirsute-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed6 - low level cryptographic library (public-key cryptos) libnettle8 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.7-2.1ubuntu1) hirsute; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-5.patch: analogous fix to ecc_gostdsa_verify in ecc-gostdsa-verify.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in gostdsa_vko in gostdsa-vko.c. - debian/libhogweed6.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: 09d782118485e4de00e2b411751d10710bcd5fd8 183696 libhogweed6-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 747d5fcfb60504794bd22b8d0d37db1c4c7aab8d 190620 libhogweed6_3.7-2.1ubuntu1_arm64.deb 31a84a144205e1a2476f55050db9d693fd457616 273440 libnettle8-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 13ee218d69cc54171bc2d062848eb2afddf8a149 152936 libnettle8_3.7-2.1ubuntu1_arm64.deb b83f1f9b5b7ef6541fcf736ce749aeb8726603ab 93680 nettle-bin-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 780ce03b1f536c07ddaeb58dac4c3335e0b2bc74 25152 nettle-bin_3.7-2.1ubuntu1_arm64.deb 44cf28047b19aa39900568e048e23f2ee3d93a70 1124044 nettle-dev_3.7-2.1ubuntu1_arm64.deb fa14f307577ae0f90dd9fe73554d8c77cc0ebbf4 7683 nettle_3.7-2.1ubuntu1_arm64.buildinfo Checksums-Sha256: 17c219f39fab6bcc41799c517b3a10b025be33551fa5a7b01113927baae797bc 183696 libhogweed6-dbgsym_3.7-2.1ubuntu1_arm64.ddeb bf4faf8649d81b31bd3cc5ccb51d5f6e3d4f4f6f926090623af39c4b392a7ced 190620 libhogweed6_3.7-2.1ubuntu1_arm64.deb cb83f58ca0dbb7b38681d4e21d0b54899ec850cd0f00fc5a73d462b8ff977508 273440 libnettle8-dbgsym_3.7-2.1ubuntu1_arm64.ddeb f0f3e06aed82eb59c404767f47b7f873b9d19ab5479d96a6f64b49559e86f08b 152936 libnettle8_3.7-2.1ubuntu1_arm64.deb 92f1dcc7343199d0220a0943d727e54fa90353d34833c69f3de65197283dd49c 93680 nettle-bin-dbgsym_3.7-2.1ubuntu1_arm64.ddeb a302183f8c8b0f1a9ace6ccac9484a5b3bdd48079baed1bf01e218e9967bec05 25152 nettle-bin_3.7-2.1ubuntu1_arm64.deb 36d27872bfc6d1887c60fe9467d4139e2044159cc6f76081bde6792b3f0232c6 1124044 nettle-dev_3.7-2.1ubuntu1_arm64.deb 9bf269afb1d08e5472669f58b1ec9194bcf8e0f05208aebcf21ce2112339f941 7683 nettle_3.7-2.1ubuntu1_arm64.buildinfo Files: 8b873176e86edb66fa0ec34a628ac011 183696 debug optional libhogweed6-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 3dd3d964d51be2bd314584f238a45b5d 190620 libs optional libhogweed6_3.7-2.1ubuntu1_arm64.deb 51605befed8abf431c3c1f6d6a2432d5 273440 debug optional libnettle8-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 580d6333a7525353fff30020ab1d6418 152936 libs optional libnettle8_3.7-2.1ubuntu1_arm64.deb d46011eff2ad73eaa18a23b49e2a0b50 93680 debug optional nettle-bin-dbgsym_3.7-2.1ubuntu1_arm64.ddeb 9713b86ed426b608b901dde50fd00139 25152 misc optional nettle-bin_3.7-2.1ubuntu1_arm64.deb 607ff754b20b2c84be2e177a446fe40a 1124044 libdevel optional nettle-dev_3.7-2.1ubuntu1_arm64.deb aa7549576e81c2a6d96205dd8dcadf19 7683 libs optional nettle_3.7-2.1ubuntu1_arm64.buildinfo Original-Maintainer: Magnus Holmgren