golang-filippo-edwards25519 - Debian Package Tracker

general

source: golang-filippo-edwards25519 (main)
version: 1.0.0~rc1+git20210721-0.1
maintainer: Debian Go Packaging Team (DMD)
uploaders: nicoo [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.0.0~rc1+git20210721-0.1
stable: 1.0.0~rc1+git20210721-0.1
testing: 1.0.0~rc1+git20210721-0.1
unstable: 1.0.0~rc1+git20210721-0.1

versioned links

1.0.0~rc1+git20210721-0.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-filippo-edwards25519-dev

action needed

A new upstream version is available: 1.2.0 high

A new upstream version 1.2.0 is available, you should consider packaging it.

Created: 2025-11-27 Last update: 2026-02-21 07:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-26958: filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

Created: 2026-02-20 Last update: 2026-02-21 00:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-26958: filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

Created: 2026-02-20 Last update: 2026-02-21 00:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

golang-filippo-edwards25519-dev could be marked Multi-Arch: foreign

Created: 2021-02-28 Last update: 2026-02-21 07:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.1.0-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 16dad86ca12403bfc509f54210114a7d2fc3bbf7
Author: Martin Dosch <martin@mdosch.de>
Date:   Sat May 11 16:58:23 2024 +0200

    d/copyright: Fix several issues.

commit 1b88ec27e8014039f08e95fc17da440e958c419b
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:46:38 2024 +0200

    d/changelog: Remove whitespace typo.

commit 8f57aef1b2a180a82ad627c224d866c811b25645
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:43:13 2024 +0200

    New upstream release.

commit e9dbed0bd32f63f461163d7cf34b4c8b56283d72
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:40:41 2024 +0200

    d/control: Set ' Multi-Arch: foreign'.

commit b7840a3548204e0fda3b693deedab8f4d7382720
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:38:02 2024 +0200

    d/control: Bump Standards-Version to 4.7.0 (no changes necessary).

commit d6eb3db4764e3326690e3db89f5c1502cd31350b
Merge: 233e376 dbc310f
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:32:34 2024 +0200

    Update upstream source from tag 'upstream/1.1.0'
    
    Update to upstream version '1.1.0'
    with Debian dir 4f72a0615851eb83372a3c13a09517285140c5c7

commit dbc310fca2c279fe7f06b4a27e4fe251eabb837c
Author: Martin Dosch <martin@mdosch.de>
Date:   Fri May 10 11:32:29 2024 +0200

    New upstream version 1.1.0

Created: 2024-05-10 Last update: 2026-02-19 02:33

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-26958: (needs triaging) filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-20 Last update: 2026-02-21 00:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-26958: (needs triaging) filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-20 Last update: 2026-02-21 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.6.0).

Created: 2022-05-11 Last update: 2025-12-23 20:00

news

[rss feed]

[2022-03-03] Accepted golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1~bpo11+1 (source) into bullseye-backports (Ana Custura)
[2022-02-18] golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1 MIGRATED to testing (Debian testing watch)
[2022-02-15] Accepted golang-filippo-edwards25519 1.0.0~rc1+git20210721-0.1 (source) into unstable (Ana Custura)
[2021-11-22] Accepted golang-filippo-edwards25519 1.0.0~rc1-1~bpo11+1 (source all) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Aloïs Micard)
[2021-11-12] golang-filippo-edwards25519 1.0.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2021-11-09] Accepted golang-filippo-edwards25519 1.0.0~rc1-1 (source) into unstable (Johan Fleury) (signed by: Aloïs Micard)
[2021-08-16] golang-filippo-edwards25519 1.0.0~beta.3-2 MIGRATED to testing (Debian testing watch)
[2021-03-17] Accepted golang-filippo-edwards25519 1.0.0~beta.3-2 (source) into unstable (nicoo) (signed by: nicoo@debian.org)
[2021-02-27] Accepted golang-filippo-edwards25519 1.0.0~beta.3-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: nicoo@debian.org)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.0~rc1+git20210721-0.1build1