golang-filippo-edwards25519 - Debian Package Tracker

general

source: golang-filippo-edwards25519 (main)
version: 1.2.0-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: nicoo [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.0.0~rc1+git20210721-0.1
stable: 1.0.0~rc1+git20210721-0.1
testing: 1.2.0-1
unstable: 1.2.0-1

versioned links

1.0.0~rc1+git20210721-0.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-filippo-edwards25519-dev

action needed

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit b478593e240a1261684fb3d00b82c30eef80264e
Author: Simon Josefsson <simon@josefsson.org>
Date:   Fri Mar 20 20:35:37 2026 +0100

    Fix Vcs-* URLs

https://salsa.debian.org/api/v4/projects/go-team%2Fpackages%2Ffilippo.io-edwards25519 API request failed: 404 Not Found at /srv/qa.debian.org/data/vcswatch/vcswatch line 410.

Created: 2026-03-28 Last update: 2026-03-28 06:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-26958: (needs triaging) filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-20 Last update: 2026-03-22 04:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-26958: (needs triaging) filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-20 Last update: 2026-03-22 04:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-03-22] golang-filippo-edwards25519 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2026-03-20] Accepted golang-filippo-edwards25519 1.2.0-1 (source) into unstable (Simon Josefsson)
[2022-03-03] Accepted golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1~bpo11+1 (source) into bullseye-backports (Ana Custura)
[2022-02-18] golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1 MIGRATED to testing (Debian testing watch)
[2022-02-15] Accepted golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1 (source) into unstable (Ana Custura)
[2021-11-22] Accepted golang-filippo-edwards25519 1.0.0~rc1-1~bpo11+1 (source all) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Aloïs Micard)
[2021-11-12] golang-filippo-edwards25519 1.0.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2021-11-09] Accepted golang-filippo-edwards25519 1.0.0~rc1-1 (source) into unstable (Johan Fleury) (signed by: Aloïs Micard)
[2021-08-16] golang-filippo-edwards25519 1.0.0~beta.3-2 MIGRATED to testing (Debian testing watch)
[2021-03-17] Accepted golang-filippo-edwards25519 1.0.0~beta.3-2 (source) into unstable (nicoo) (signed by: nicoo@debian.org)
[2021-02-27] Accepted golang-filippo-edwards25519 1.0.0~beta.3-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: nicoo@debian.org)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.0~rc1+git20210721-0.1build1