Format: 1.8 Date: Wed, 07 Apr 2021 10:17:03 -0400 Source: nettle Binary: libnettle6 libhogweed4 nettle-dev nettle-bin Architecture: i386 Version: 3.4-1ubuntu0.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed4 - low level cryptographic library (public-key cryptos) libnettle6 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.4-1ubuntu0.1) bionic-security; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/libhogweed4.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: bf9ea7364f65a0fdd0f86b7f32a608d7245248dd 139172 libhogweed4-dbgsym_3.4-1ubuntu0.1_i386.ddeb 7a03dd1a91c9f867729ed868c04af43fd77140a0 139076 libhogweed4_3.4-1ubuntu0.1_i386.deb db16c900ee835a37c9b9f61e5f3c6b576fe26926 184692 libnettle6-dbgsym_3.4-1ubuntu0.1_i386.ddeb ae3149e2c407da414c6e9e624300523d5a290c9a 127148 libnettle6_3.4-1ubuntu0.1_i386.deb 79bdcb03d4eeac18ce7a58f8ee2bfb481523818c 170252 nettle-bin-dbgsym_3.4-1ubuntu0.1_i386.ddeb 61484fdc06960d3a8c1bf483c94e1ac439d9a89b 26404 nettle-bin_3.4-1ubuntu0.1_i386.deb 65df6a114ba2bdd6b1534f59fc3c0290d8798829 974376 nettle-dev_3.4-1ubuntu0.1_i386.deb 6424d22a9761850aec59d70546768fb3d2e4f82a 7153 nettle_3.4-1ubuntu0.1_i386.buildinfo Checksums-Sha256: 48b21f0187f5f50b274f61d8065dd3ac173b47d0f5c881d7913e2b3c441701a2 139172 libhogweed4-dbgsym_3.4-1ubuntu0.1_i386.ddeb 21bf2fab1a7ceaf52488f5dbe60b591df49748b128eab1a01141758441e46bde 139076 libhogweed4_3.4-1ubuntu0.1_i386.deb 65df72b4d476419fea88df27e7d190f6a02f0537763cfd22b002ac12e06d4ca4 184692 libnettle6-dbgsym_3.4-1ubuntu0.1_i386.ddeb f91b2a4702855e0f3a034cb2bfafc5a0da3c46682449e4f27c9debb3a4f1b413 127148 libnettle6_3.4-1ubuntu0.1_i386.deb c73eb70e5dadfa2dba7d4db7029c9cdfdc1786c6ff3d320d8f528d57afecc0ba 170252 nettle-bin-dbgsym_3.4-1ubuntu0.1_i386.ddeb 33638255acd58f31c59c9a3e694724eb24ecb1d227dfb3118be6854830e8d0c6 26404 nettle-bin_3.4-1ubuntu0.1_i386.deb 8b1dbb50b6f61835a973196eb167f3be853cd2d955793d5b13f7945dd4b16c53 974376 nettle-dev_3.4-1ubuntu0.1_i386.deb a3f4e2e9675c00a8f3d5f34e4f385aa5a619d58e1495f3c7e0915d34599ec729 7153 nettle_3.4-1ubuntu0.1_i386.buildinfo Files: 14c6c670ed1e3ccf96192c1b90545a37 139172 debug optional libhogweed4-dbgsym_3.4-1ubuntu0.1_i386.ddeb 5b9f19248b96dcb50183a718aead306f 139076 libs optional libhogweed4_3.4-1ubuntu0.1_i386.deb 2925d3f637fc7c59fea4c3572dd7b9fb 184692 debug optional libnettle6-dbgsym_3.4-1ubuntu0.1_i386.ddeb 1a6dd9774a6d6b2aa85f35deba085e87 127148 libs optional libnettle6_3.4-1ubuntu0.1_i386.deb 00067b999e87a11eb84e871ab60629eb 170252 debug optional nettle-bin-dbgsym_3.4-1ubuntu0.1_i386.ddeb 928e977d4f9aec6947a8e30f1f3bf34f 26404 misc optional nettle-bin_3.4-1ubuntu0.1_i386.deb ba0f9363db9fdf7d48a19a7202c16fa5 974376 libdevel optional nettle-dev_3.4-1ubuntu0.1_i386.deb 51babcd8a9134c6a59b751d297794844 7153 libs optional nettle_3.4-1ubuntu0.1_i386.buildinfo Original-Maintainer: Magnus Holmgren