Format: 1.8 Date: Wed, 07 Apr 2021 10:17:03 -0400 Source: nettle Binary: libnettle6 libhogweed4 nettle-dev nettle-bin Architecture: ppc64el Version: 3.4-1ubuntu0.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed4 - low level cryptographic library (public-key cryptos) libnettle6 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.4-1ubuntu0.1) bionic-security; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/libhogweed4.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: c50c50db01c777d20475f8722d19a038ab8e876b 181748 libhogweed4-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 4de3002820675aca13286707305f7fa62d7b0986 135904 libhogweed4_3.4-1ubuntu0.1_ppc64el.deb 389defb0473a75081188b050f44aff339023f9bd 239868 libnettle6-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 4b5fa77bcd3c91f0438448f3d1c2328e615095a3 138364 libnettle6_3.4-1ubuntu0.1_ppc64el.deb d7af6c2e5743d9a964d70394d62b2fd03ac33344 183600 nettle-bin-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 4ca50ef43e5bc3b63b656bbf4813a443c8769a29 27000 nettle-bin_3.4-1ubuntu0.1_ppc64el.deb 9c798d60bf2a3848f883d0512d9c2507b17d70d3 983496 nettle-dev_3.4-1ubuntu0.1_ppc64el.deb e19eb00ca2d6b8405d6470689ed51ed92e53b17e 7187 nettle_3.4-1ubuntu0.1_ppc64el.buildinfo Checksums-Sha256: d94f89b1e0f82d1aa58600358b4a3b7099146fcba69da209d426aab2b4c1f03f 181748 libhogweed4-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 215866a5435391e03e02915bc02aad7c6e634d141ceeb7744d87a6d0f3b06b71 135904 libhogweed4_3.4-1ubuntu0.1_ppc64el.deb d927924a921de51833dd3711d1c0871119f2f232a7392d804aa5fd9c02905559 239868 libnettle6-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 52cdcd51bc3bdb34693cee14e2dd735fed0a90254ce180d610b76fcf6baafbd2 138364 libnettle6_3.4-1ubuntu0.1_ppc64el.deb d7909e4dbdd4ef6dc30df7f8b5423d383c8e7317268fd74f505a9a19be1609ae 183600 nettle-bin-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 748cc7115cc83530200fa7e1c59d6e5fd92146d8700ff35dfb939dc19e422423 27000 nettle-bin_3.4-1ubuntu0.1_ppc64el.deb 37d8a01ad28bce27ffdc04c1f23edc3fcda4b9c96f79a8031125378d632aced8 983496 nettle-dev_3.4-1ubuntu0.1_ppc64el.deb f53603573926263141962ff23fdd7bd5b38bb776370c397190172117ebc736c5 7187 nettle_3.4-1ubuntu0.1_ppc64el.buildinfo Files: f5af4fbe5454924b484761a68df8e528 181748 debug optional libhogweed4-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 20ea1102fde11787b771592cdb2f89d1 135904 libs optional libhogweed4_3.4-1ubuntu0.1_ppc64el.deb 0332dd9d4511453715663873e9b68d85 239868 debug optional libnettle6-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 0ada591f2db70042a188b0aaf0757ae3 138364 libs optional libnettle6_3.4-1ubuntu0.1_ppc64el.deb 3407d829b2951627a0d10406c0270d6e 183600 debug optional nettle-bin-dbgsym_3.4-1ubuntu0.1_ppc64el.ddeb 8f1d2d6ced127a6a3cfcaf2e495787fa 27000 misc optional nettle-bin_3.4-1ubuntu0.1_ppc64el.deb 147f55a4e5127dc3fea991d9161152eb 983496 libdevel optional nettle-dev_3.4-1ubuntu0.1_ppc64el.deb ce4162e8fff4dfcda70fc6ca41d244c7 7187 libs optional nettle_3.4-1ubuntu0.1_ppc64el.buildinfo Original-Maintainer: Magnus Holmgren