Format: 1.8 Date: Tue, 06 Apr 2021 11:20:32 -0400 Source: nettle Binary: libhogweed6 libnettle8 nettle-bin nettle-dev Built-For-Profiles: noudeb Architecture: s390x Version: 3.7-2.1ubuntu1 Distribution: hirsute-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libhogweed6 - low level cryptographic library (public-key cryptos) libnettle8 - low level cryptographic library (symmetric and one-way cryptos) nettle-bin - low level cryptographic library (binary tools) nettle-dev - low level cryptographic library (development files) Changes: nettle (3.7-2.1ubuntu1) hirsute; urgency=medium . * SECURITY UPDATE: Out of Bound memory access in signature verification - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c. - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c. - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c. - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c. - debian/patches/CVE-2021-20305-5.patch: analogous fix to ecc_gostdsa_verify in ecc-gostdsa-verify.c. - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c. - debian/patches/CVE-2021-20305-7.patch: fix canonical reduction in gostdsa_vko in gostdsa-vko.c. - debian/libhogweed6.symbols: added new symbols. - CVE-2021-20305 Checksums-Sha1: 8e19ba0797780e20e053ca521a68470e11fc9815 197460 libhogweed6-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 0772f72bfb9099273ae0a06578ac2d3149335083 193256 libhogweed6_3.7-2.1ubuntu1_s390x.deb 1bbdd1f8a221bc8ea9210351518f847141d5cf2d 302212 libnettle8-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 583b179175030a4b49e5d0e4ba10253723e55873 155680 libnettle8_3.7-2.1ubuntu1_s390x.deb fabecc990fed796362c63768761a07a828308d3f 106644 nettle-bin-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 31efd1d50a7bd8f0c76533bb1fc5971e858fd3d8 27088 nettle-bin_3.7-2.1ubuntu1_s390x.deb fdc3ebbd339d7b15aa252666cc9591c989c37a48 1124928 nettle-dev_3.7-2.1ubuntu1_s390x.deb 344580285673e34ba2f08cccc3f8ab174c5ff525 7612 nettle_3.7-2.1ubuntu1_s390x.buildinfo Checksums-Sha256: e453f02cac7ab8310746c7ed5172106529d76558ff59ac1ba689e75df3711fb7 197460 libhogweed6-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 1e1ef1bd56a137d1873b35ec50da1cdcbd90d4100a1b64357c9314873761e1b8 193256 libhogweed6_3.7-2.1ubuntu1_s390x.deb 4b973903d3bbcd0744ee933737bc108935a8b8f3f183457f8922ade390260c80 302212 libnettle8-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 426f9c88dd5d312e4ff4f08a55657e5c3c68b84b1640beee5cec3751049a4660 155680 libnettle8_3.7-2.1ubuntu1_s390x.deb 96bbd519146ddb7357125489aa6e27bf64cb70cec473b5baeb9b756528d1eb11 106644 nettle-bin-dbgsym_3.7-2.1ubuntu1_s390x.ddeb f93d297e461ea2b980c09150f032c3cc184e25df4bbca441cc3a48480a172581 27088 nettle-bin_3.7-2.1ubuntu1_s390x.deb 992f55d9336998d0ea694eac176f2b5a12ee063e3098b035936def6c76f2c253 1124928 nettle-dev_3.7-2.1ubuntu1_s390x.deb e4d07aa5e0eed15475d3902f00f9e5993fa4587b75d281adb729a1b073a587e0 7612 nettle_3.7-2.1ubuntu1_s390x.buildinfo Files: 33b0eb80e70ea306a41e2db2875d0888 197460 debug optional libhogweed6-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 876bf1d637bb82535c4d561332b89751 193256 libs optional libhogweed6_3.7-2.1ubuntu1_s390x.deb ec7304846f3ec9ed4c60e94827917acd 302212 debug optional libnettle8-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 6469679856301a620e13366ddcb3cf3c 155680 libs optional libnettle8_3.7-2.1ubuntu1_s390x.deb 8e329044fe2304bb5700bce9cce345ac 106644 debug optional nettle-bin-dbgsym_3.7-2.1ubuntu1_s390x.ddeb 6c88e273c4c644e1b98128261a9183b1 27088 misc optional nettle-bin_3.7-2.1ubuntu1_s390x.deb d654d009cb53fa26d9fb1e427ca326c4 1124928 libdevel optional nettle-dev_3.7-2.1ubuntu1_s390x.deb 8a9775f17d54ea6df86660a0b1b09c9c 7612 libs optional nettle_3.7-2.1ubuntu1_s390x.buildinfo Original-Maintainer: Magnus Holmgren