-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Sep 2021 15:52:42 +0200
Source: nettle
Binary: libnettle6 libhogweed4 nettle-dev nettle-bin nettle-dbg
Architecture: source
Version: 3.3-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Magnus Holmgren <holmgren@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libhogweed4 - low level cryptographic library (public-key cryptos)
 libnettle6 - low level cryptographic library (symmetric and one-way cryptos)
 nettle-bin - low level cryptographic library (binary tools)
 nettle-dbg - low level cryptographic library (debugging symbols)
 nettle-dev - low level cryptographic library (development files)
Changes:
 nettle (3.3-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-20305: A flaw was found in Nettle, where several Nettle
     signature verification functions (EDDSA & ECDSA) result in the Elliptic
     Curve Cryptography point (ECC) multiply function being called with
     out-of-range scalars, possibly resulting in incorrect results. This flaw
     allows an attacker to force an invalid signature, causing an assertion
     failure or possible validation. The highest threat to this vulnerability
     is to confidentiality, integrity, as well as system availability.
   * Fix CVE-2021-3580: A flaw was found in the way nettle's RSA decryption
     functions handled specially crafted ciphertext. An attacker could use
     this flaw to provide a manipulated ciphertext leading to application
     crash and denial of service.