Format: 1.8 Date: Wed, 07 Apr 2021 10:12:22 -0400 Source: nettle Binary: libhogweed5 libnettle7 nettle-bin nettle-dev Architecture: armhf Version: 3.5.1+really3.5.1-2ubuntu0.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed5 - low level cryptographic library (public-key cryptos) libnettle7 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.5.1+really3.5.1-2ubuntu0.1) focal-security; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/libhogweed5.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: cebebc2dbf1266d896d886ad5aaa6550f202cfb6 190416 libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 26b8f6a79e188b95773cd8ad9da802e30c0b7f64 127048 libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 23705125ca304a14034bc23726847df16d5087b1 251700 libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 4864e3a843392e067aa6fb984d0f2f8a81b812bf 126836 libnettle7_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 2c6f7e810ced2768089d8fae5d08db81246b00d7 175500 nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb e0b9cef52571315a568faaef338d6067eb387ff5 22952 nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb e9306807c182867009d1abc96c230d590e43d18b 990192 nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb e94828376a81a679f2b4a23f832eecbd940ed568 7318 nettle_3.5.1+really3.5.1-2ubuntu0.1_armhf.buildinfo Checksums-Sha256: 4ebeaeffcb5a8398b47ef183346f411ac9091d6592246a36c24e1fcf00ff580a 190416 libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 30adc942a45e17c7628c2d2d71ba3a384e71fac51407b4dd14f0dc935eec897b 127048 libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 0a0c033e2b92fef320ca16de09fb7420bc19cf70fcb0e79524430f441ce79c9c 251700 libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 8a29eb3c72ebd3378cc4eca25a10693a39c2f3b4906f85af1cc3e189dbc0e94d 126836 libnettle7_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb c2065ba8b6b7746c24c59e662fefb7407134a5fdf72e9d5750f658e0989d9876 175500 nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 257251863322e8c519b5e82f433657d6c233718f189124aca3cb87600c0d6998 22952 nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb ca9316aff413d3594c26cb12848d45a399a5f70199bb9efc9d53286ac6bc6932 990192 nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 429f0f77358efb0bbcc8e263f7baeb31ba7125e903c3eb62a00366ab2e0ab91a 7318 nettle_3.5.1+really3.5.1-2ubuntu0.1_armhf.buildinfo Files: 8186580b31f48154c81b7decfe0f7233 190416 debug optional libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 5b32235da08cd3c22fec571d2b381e3d 127048 libs optional libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb b8666a49ebe70ee9222f80a560c7bb3b 251700 debug optional libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 4cda2dac84e722d40468e246510dd384 126836 libs optional libnettle7_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 7493f4fe0f3597008dc0374d0a446474 175500 debug optional nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_armhf.ddeb 58ad86b9ca9550fa77eff21d7070230c 22952 misc optional nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb abf93c23b2c093a11136e0b53a9ffe13 990192 libdevel optional nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_armhf.deb 3f1a6f4bf208fbda1dbe7e62bafc968a 7318 libs optional nettle_3.5.1+really3.5.1-2ubuntu0.1_armhf.buildinfo Original-Maintainer: Magnus Holmgren