subject:"Bug#1008154\: buster\-pu\: package node\-node\-forge\/0.8.1\~dfsg\-1\+deb10u1"

Processed: Re: Bug#1008154: buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System

Processing control commands: > tags -1 + confirmed Bug #1008154 [release.debian.org] buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1 Added tag(s) confirmed. -- 1008154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008154 Debian Bug Tracking System Contact ow...@bugs.debian.org wit

Bug#1008154: buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1

2022-08-05 Thread Adam D. Barratt

Control: tags -1 + confirmed On Wed, 2022-03-23 at 11:29 +0100, Yadd wrote: > node-node-forge signature verification code is lenient in checking > the digest > algorithm structure. This can allow a crafted structure that steals > padding > bytes and uses unchecked portion of the PKCS#1 encoded mes

Bug#1008154: buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1

2022-03-23 Thread Yadd

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] node-node-forge signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses un