Format: 1.8 Date: Wed, 07 Apr 2021 10:17:03 -0400 Source: nettle Binary: libnettle6 libhogweed4 nettle-dev nettle-bin Architecture: armhf Version: 3.4-1ubuntu0.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed4 - low level cryptographic library (public-key cryptos) libnettle6 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.4-1ubuntu0.1) bionic-security; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/libhogweed4.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: 40ae8482dc7cd1af565ca7e29c6dab958e1b766e 163608 libhogweed4-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 7674c65147ff505e5cff38ff5674aae99c8110a1 127312 libhogweed4_3.4-1ubuntu0.1_armhf.deb 780bfb463c9934fcbf129ac54f6f8d5d25f4eb22 207268 libnettle6-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 880b53e9f0e70ce728c6a3f300b2fa7ef7cf2180 123144 libnettle6_3.4-1ubuntu0.1_armhf.deb aa296d24df6c013ad7dedb116b36516d485cb7f8 178964 nettle-bin-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 9141b294eb3c4aeeb80ae0d671d7e220b0680c2e 22960 nettle-bin_3.4-1ubuntu0.1_armhf.deb 3aa4f47a1dde96c2c85ba99ad468a9ea6702eeb6 957480 nettle-dev_3.4-1ubuntu0.1_armhf.deb 07e0c3ff4160f5b4bc17075d7b8a23470c413a77 7071 nettle_3.4-1ubuntu0.1_armhf.buildinfo Checksums-Sha256: d54b55f0617575bf166fcf513e46b297269baa7abe7251823c8f0ec1510b623c 163608 libhogweed4-dbgsym_3.4-1ubuntu0.1_armhf.ddeb d6f13f4f413e765d747894ea89b62de0e8fcc9460620a16031f454a299efb750 127312 libhogweed4_3.4-1ubuntu0.1_armhf.deb 9674aaadfef3e15e4d7c04008e845e35d902261d8a717ad7ca58b65530463d17 207268 libnettle6-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 02620dad3ef6c342b4b47b8f894eb96e072b2c3850f043c5d19ad9fdd9ee8039 123144 libnettle6_3.4-1ubuntu0.1_armhf.deb 61efecb7211dced1a6279ef2c118699410ceb988aa7b6b9b15df5218a23d3038 178964 nettle-bin-dbgsym_3.4-1ubuntu0.1_armhf.ddeb f09b26d15ba5310a70c5869cc0a7204caedf1039c718aeeed59662547f7cb441 22960 nettle-bin_3.4-1ubuntu0.1_armhf.deb 0e4bccc77cba8f0421f9c0f8f019158f5ee0432ea4251648faa7b66ffdbc135f 957480 nettle-dev_3.4-1ubuntu0.1_armhf.deb 9317f933e3fdc3a89fccc3364f6d709076524c323c2dabac9dadac1516b4c8da 7071 nettle_3.4-1ubuntu0.1_armhf.buildinfo Files: fd0ec4eb398d484f1f5ea33aee175702 163608 debug optional libhogweed4-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 01a2f46350d885e3772dd65aca437f70 127312 libs optional libhogweed4_3.4-1ubuntu0.1_armhf.deb 5a235b9e8151f94a811617aa8f972393 207268 debug optional libnettle6-dbgsym_3.4-1ubuntu0.1_armhf.ddeb 21f3b4158f99e24fd87b523ccca8fb3a 123144 libs optional libnettle6_3.4-1ubuntu0.1_armhf.deb 073cb5d1efe3ed70bc40646aa8cf60ba 178964 debug optional nettle-bin-dbgsym_3.4-1ubuntu0.1_armhf.ddeb c396bc88c3c825de52bb526347aa490d 22960 misc optional nettle-bin_3.4-1ubuntu0.1_armhf.deb 2bc277c19fb2d96b5c0da6d79599a97a 957480 libdevel optional nettle-dev_3.4-1ubuntu0.1_armhf.deb 72426970a8f5d053a8242459e402e558 7071 libs optional nettle_3.4-1ubuntu0.1_armhf.buildinfo Original-Maintainer: Magnus Holmgren