[Git][security-tracker-team/security-tracker][master] Add assigned nettle CVE
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 1 08:00:49 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc6ecccb by Salvatore Bonaccorso at 2021-04-01T09:00:18+02:00
Add assigned nettle CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22545,8 +22545,24 @@ CVE-2021-20307
RESERVED
CVE-2021-20306
RESERVED
-CVE-2021-20305
- RESERVED
+CVE-2021-20305 [Out of Bound memory access in signature verification]
+ RESERVED
+ - nettle <unfixed>
+ NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
+ NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
+ NOTE: Use ecc_mod_mul_canonical for point comparison:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
+ NOTE: Fix bug in ecc_ecdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
+ NOTE: Ensure ecdsa_sign output is canonically reduced:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
+ NOTE: Analogous fix to ecc_gostdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
+ NOTE: Similar fix for eddsa:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
+ NOTE: Fix canonical reduction in gostdsa_vko:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
CVE-2021-20304
RESERVED
CVE-2021-20303
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc6ecccb75d6c13d3a788c5046a4deb437cfa1cb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc6ecccb75d6c13d3a788c5046a4deb437cfa1cb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210401/858b60ed/attachment.htm>
More information about the debian-security-tracker-commits
mailing list