[ubuntu-cloud-archive/queens-proposed] nettle (Accepted)
Corey Bryant
corey.bryant at canonical.com
Wed May 5 12:00:40 UTC 2021
nettle (3.4-1ubuntu0.1~cloud0) xenial-queens; urgency=medium
.
  * New update for the Ubuntu Cloud Archive.
.
nettle (3.4-1ubuntu0.1) bionic-security; urgency=medium
.
  * SECURITY UPDATE: Out of Bound memory access in signature verification
    - debian/patches/CVE-2021-20305-1.patch: new functions
      ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
      curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
      ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
    - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
      point comparison in eddsa-verify.c.
    - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
      ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
    - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
      canonically reduced in ecc-ecdsa-sign.c.
    - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
      eddsa-hash.c.
    - debian/libhogweed4.symbols: added new symbols.
    - CVE-2021-20305
Date: Wed, 14 Apr 2021 04:26:23 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>