Your message dated Mon, 21 Jun 2021 19:02:07 +0000
with message-id <[email protected]>
and subject line Bug#989631: fixed in nettle 3.4.1-1+deb10u1
has caused the Debian Bug report #989631,
regarding nettle: CVE-2021-3580: Remote crash in RSA decryption via manipulated
ciphertext
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989631
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nettle
Version: 3.7.2-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for nettle.
CVE-2021-3580[0]:
| Remote crash in RSA decryption via manipulated ciphertext
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1967983
[2] https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
[3] https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
[4] https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nettle
Source-Version: 3.4.1-1+deb10u1
Done: Magnus Holmgren <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nettle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Magnus Holmgren <[email protected]> (supplier of updated nettle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Jun 2021 19:53:20 +0200
Source: nettle
Architecture: source
Version: 3.4.1-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Magnus Holmgren <[email protected]>
Changed-By: Magnus Holmgren <[email protected]>
Closes: 985652 989631
Changes:
 nettle (3.4.1-1+deb10u1) buster-security; urgency=high
 .
   * Fix for CVE-2021-3580 - potential crash on invalid input to the RSA
     decryption functions (Closes: #989631).
   * Fix for CVE-2021-20305 - bug in ECDSA signature verification that
     could lead to a denial of service attack (via an assertion failure) or
     possibly incorrect results, backported from 3.7.2 by Marc Deslauriers
     <[email protected]> (Closes: #985652).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---