-
nettle (3.7.3-1build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:21:29 +0200
-
nettle (3.7.3-1) unstable; urgency=high
* New upstream release fixing bugs that could make the RSA decryption
functions crash on invalid inputs [CVE-2021-3580] (Closes: #989631).
-- Magnus Holmgren <email address hidden> Thu, 10 Jun 2021 08:51:41 +0200
-
nettle (3.7.2-3) unstable; urgency=medium
* libnettle8.symbols: Drop two more (internal) symbols from armel and
armhf.
-- Magnus Holmgren <email address hidden> Mon, 05 Apr 2021 20:49:56 +0200
-
nettle (3.7-2.1ubuntu1) hirsute; urgency=medium
* SECURITY UPDATE: Out of Bound memory access in signature verification
- debian/patches/CVE-2021-20305-1.patch: new functions
ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
- debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
point comparison in eddsa-verify.c.
- debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
- debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
canonically reduced in ecc-ecdsa-sign.c.
- debian/patches/CVE-2021-20305-5.patch: analogous fix to
ecc_gostdsa_verify in ecc-gostdsa-verify.c.
- debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
eddsa-hash.c.
- debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in
gostdsa_vko in gostdsa-vko.c.
- debian/libhogweed6.symbols: added new symbols.
- CVE-2021-20305
-- Marc Deslauriers <email address hidden> Tue, 06 Apr 2021 11:20:32 -0400
