Format: 1.8 Date: Tue, 06 Apr 2021 11:20:32 -0400 Source: nettle Binary: libhogweed6 libnettle8 nettle-bin nettle-dev Built-For-Profiles: noudeb Architecture: riscv64 Version: 3.7-2.1ubuntu1 Distribution: hirsute-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed6 - low level cryptographic library (public-key cryptos) libnettle8 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.7-2.1ubuntu1) hirsute; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-5.patch: analogous fix to ecc_gostdsa_verify in ecc-gostdsa-verify.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in gostdsa_vko in gostdsa-vko.c. - debian/libhogweed6.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: d7ebe587696db1f9bcb33fc71cd69845b8908d6c 179212 libhogweed6-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb 0e0ad83b48f220365791d34ca4cacf702e17fe29 187740 libhogweed6_3.7-2.1ubuntu1_riscv64.deb 873fde38ac86084294a93a8943d882df323d1357 262216 libnettle8-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb 122a038d7351f12df857d1f9797789bd8957347f 174140 libnettle8_3.7-2.1ubuntu1_riscv64.deb 9c145dbf180b249f7aa519765b6aabf856e8a731 92180 nettle-bin-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb be4225a67719dbb8524e460c90c363024a7beb2f 23704 nettle-bin_3.7-2.1ubuntu1_riscv64.deb e54b5e6bbf1f72e8ea1b7025b308255efeea8f5e 1281444 nettle-dev_3.7-2.1ubuntu1_riscv64.deb 0a6c50e2e23dfd0d0401d693d31647c53d7416e3 7524 nettle_3.7-2.1ubuntu1_riscv64.buildinfo Checksums-Sha256: 8b444db273f7b2c186bbb9a8786a47be2124f769323859ae03ff3b486c8bb3af 179212 libhogweed6-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb f7a31416850a77e6d58d1d1c0fe72dc7b3d1ddddcb740e88b3ca11b4a0c977dd 187740 libhogweed6_3.7-2.1ubuntu1_riscv64.deb 60c4162325c6c19ecd13ca708c74eb2932b887fa70ef2b2efb5fc2df746dc932 262216 libnettle8-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb a619945585d2c89f00f506a99863ed4eb990f803601d94af00827aab89c1871f 174140 libnettle8_3.7-2.1ubuntu1_riscv64.deb 1c073dee4357d47ccfe142e69367f05c4b5862982c107788c438351a920f7aef 92180 nettle-bin-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb fea73877a35bacf1ae5939bcd423721a390c2a8a790fcb87751dde754aee2520 23704 nettle-bin_3.7-2.1ubuntu1_riscv64.deb f4bd0683f6a075db041e8263090c46cb9373a4c421c13886cae300acd4f0deb7 1281444 nettle-dev_3.7-2.1ubuntu1_riscv64.deb 4936a5192391e1b82da6497dd4698de14d27ff306a49fb415414227079167ea2 7524 nettle_3.7-2.1ubuntu1_riscv64.buildinfo Files: 911120ebca98c5f90df31792cb7d877f 179212 debug optional libhogweed6-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb e24e9b47cbefbf853e2154167c7a0ebc 187740 libs optional libhogweed6_3.7-2.1ubuntu1_riscv64.deb 13b51f210b7c1b2e1b598c1ab709f104 262216 debug optional libnettle8-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb 7d6c41379d6e9d685103de233671dcb6 174140 libs optional libnettle8_3.7-2.1ubuntu1_riscv64.deb 6da06f5a0c07542c708aa20abf256d71 92180 debug optional nettle-bin-dbgsym_3.7-2.1ubuntu1_riscv64.ddeb cde1ec575eaac48423378ebdd1c393af 23704 misc optional nettle-bin_3.7-2.1ubuntu1_riscv64.deb da9e7a7ea8851e57bfc4f769ccf2aaab 1281444 libdevel optional nettle-dev_3.7-2.1ubuntu1_riscv64.deb 6b20029371b30b2ce28857447e380ced 7524 libs optional nettle_3.7-2.1ubuntu1_riscv64.buildinfo Original-Maintainer: Magnus Holmgren