[Git][security-tracker-team/security-tracker][master] Add assigned nettle CVE

Thu, 01 Apr 2021 00:01:02 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc6ecccb by Salvatore Bonaccorso at 2021-04-01T09:00:18+02:00
Add assigned nettle CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22545,8 +22545,24 @@ CVE-2021-20307
        RESERVED
 CVE-2021-20306
        RESERVED
-CVE-2021-20305
-       RESERVED
+CVE-2021-20305 [Out of Bound memory access in signature verification]
+       RESERVED
+       - nettle <unfixed>
+       NOTE: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
+       NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
+       NOTE: Use ecc_mod_mul_canonical for point comparison:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
+       NOTE: Fix bug in ecc_ecdsa_verify:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
+       NOTE: Ensure ecdsa_sign output is canonically reduced:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
+       NOTE: Analogous fix to ecc_gostdsa_verify:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
+       NOTE: Similar fix for eddsa:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
+       NOTE: Fix canonical reduction in gostdsa_vko:
+       NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
 CVE-2021-20304
        RESERVED
 CVE-2021-20303



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc6ecccb75d6c13d3a788c5046a4deb437cfa1cb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc6ecccb75d6c13d3a788c5046a4deb437cfa1cb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to