Format: 1.8 Date: Wed, 07 Apr 2021 10:12:22 -0400 Source: nettle Binary: libhogweed5 libnettle7 nettle-bin nettle-dev Architecture: s390x Version: 3.5.1+really3.5.1-2ubuntu0.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed5 - low level cryptographic library (public-key cryptos) libnettle7 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.5.1+really3.5.1-2ubuntu0.1) focal-security; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/libhogweed5.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: a2c41f3bdc4180cb70ec595ad5cbba626b8f483b 200864 libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 08446e8fc4e676a20c2cefb1f1bbb3de21df1af5 135236 libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 4867b2d6d4e308adbb73a6f7c09e12627f51fe92 257284 libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 3af346ea8e656f384c49ea9babfdf1bb2ba87366 123432 libnettle7_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 84a4f81b07eb3c3eac2d21469b8a0911d00770e8 170264 nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 2d3cb707b2bd5bce627705f7dcfc913b73fb0c2b 24464 nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 8e12c0e6c87dc28e55402a4bfb8c3b6cecb9530f 993208 nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb c8ae67171a317da4c623d7d3e0d6f968c1445a11 7350 nettle_3.5.1+really3.5.1-2ubuntu0.1_s390x.buildinfo Checksums-Sha256: 522b3fcf0446049fc0401174a00cd0ce4375f1a18d1cc0ab9070cc3bcd830548 200864 libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 5bcc6e838a456c66139f3a3f7f5d6e07ee9b685ba7477c6648fb3201e91b0917 135236 libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 72b336860826763a555732c2799da60a4882efde7b2af7e675b0c973dc8ded03 257284 libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb d8805222b7aa1314d3384b569cfb690bc2503941f78a9dafba90d29bbc34af2a 123432 libnettle7_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 956192d3e254b5f95a3a576cad6ebf816a10321fc110b479236228297b2412eb 170264 nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 708d237dd7f4fd27db096bdfd82c981293eaa56fcce69889a6f3febe1a627cf3 24464 nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 870d48a8f46da5c2cf295effb1a4fc26025e8d63a3d219a250a36931a0e875c0 993208 nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 382bff74de41369bb20b4cf1eadd44077d91f4e1e3353e3c7cffab7d20501eb0 7350 nettle_3.5.1+really3.5.1-2ubuntu0.1_s390x.buildinfo Files: 3cac1c3eebd3e523514f830df47a9359 200864 debug optional libhogweed5-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb 88cd62018d1a7cfbc627ab69f9d44dde 135236 libs optional libhogweed5_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb ab7c03b7dd27eb580f6d3f4270f77c77 257284 debug optional libnettle7-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb a79159e0a5cc076b8484198ecff2aeb7 123432 libs optional libnettle7_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 097afcf6e4ee831c3568b4590fbe78a2 170264 debug optional nettle-bin-dbgsym_3.5.1+really3.5.1-2ubuntu0.1_s390x.ddeb de0fabc1f75804806487a817ccd897fa 24464 misc optional nettle-bin_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 3b9a0d30004eb19163aede495d2061fe 993208 libdevel optional nettle-dev_3.5.1+really3.5.1-2ubuntu0.1_s390x.deb 55009196cf6fdc19e17971d529daf53e 7350 libs optional nettle_3.5.1+really3.5.1-2ubuntu0.1_s390x.buildinfo Original-Maintainer: Magnus Holmgren