bug#47222: Serious bug in Nettle's ecdsa

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47222: Serious bug in Nettle's ecdsa_verify

From:	Léo Le Bouter
Subject:	bug#47222: Serious bug in Nettle's ecdsa_verify
Date:	Tue, 06 Apr 2021 13:09:57 +0200
User-agent:	Evolution 3.34.2

I am no expert cryptographer, it is likely that if I try backporting
such patches I will get something wrong that introduces more flaws.

https://security-tracker.debian.org/tracker/CVE-2021-20305 - no patch
backported yet
https://packages.ubuntu.com/source/focal/nettle - no patch backported
either

It would be best if Nettle adopted a forever (or almost) backwards
compatible ABI from now on like curl (https://curl.se/libcurl/abi.html)
so that such things don't happen again.

Thank you,
Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47222: Serious bug in Nettle's ecdsa_verify, Léo Le Bouter <=
- bug#47222: Serious bug in Nettle's ecdsa_verify, Ludovic Courtès, 2021/04/16

Prev by Date: bug#47614: [security] Chunked store references in .zo files in Racket 8
Next by Date: bug#33848: Store references in SBCL-compiled code are "invisible"
Previous by thread: bug#47614: [security] Chunked store references in .zo files in Racket 8
Next by thread: bug#47222: Serious bug in Nettle's ecdsa_verify
Index(es):
- Date
- Thread