[ubuntu/groovy-security] nettle 3.6-2ubuntu0.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Apr 13 14:53:36 UTC 2021


nettle (3.6-2ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Out of Bound memory access in signature verification
    - debian/patches/CVE-2021-20305-1.patch: new functions
      ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
      curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
      ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
    - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
      point comparison in eddsa-verify.c.
    - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
      ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
    - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
      canonically reduced in ecc-ecdsa-sign.c.
    - debian/patches/CVE-2021-20305-5.patch: analogous fix to
      ecc_gostdsa_verify in ecc-gostdsa-verify.c.
    - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
      eddsa-hash.c.
    - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in
      gostdsa_vko in gostdsa-vko.c.
    - debian/libhogweed6.symbols: added new symbols.
    - CVE-2021-20305

Date: 2021-04-07 15:34:13.927431+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/nettle/3.6-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Groovy-changes mailing list