Your message dated Tue, 29 Apr 2025 21:06:36 +0000
with message-id <[email protected]>
and subject line Bug#1059311: fixed in libcrypto++ 8.9.0-2
has caused the Debian Bug report #1059311,
regarding libcrypto++: CVE-2023-50980
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1059311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059311
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypto++
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libcrypto++.

CVE-2023-50980[0]:
| gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers
| to cause a denial of service (application crash) via DER public-key
| data for an F(2^m) curve, if the degree of each term in the
| polynomial is not strictly decreasing.

https://github.com/weidai11/cryptopp/issues/1248

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50980
    https://www.cve.org/CVERecord?id=CVE-2023-50980

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libcrypto++
Source-Version: 8.9.0-2
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libcrypto++, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated libcrypto++ package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Apr 2025 21:12:05 +0200
Source: libcrypto++
Architecture: source
Version: 8.9.0-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1059311
Changes:
 libcrypto++ (8.9.0-2) unstable; urgency=high
 .
   * Update gf2n documentation.
   * Fix CVE-2023-50980: denial of service (application crash) via DER
     public-key data (closes: #1059311).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
