Debian Package Tracker
Register | Log in
Subscribe

libcrypto++

Choose email to subscribe with

general
  • source: libcrypto++ (main)
  • version: 8.8.0-2
  • maintainer: Laszlo Boszormenyi (GCS) (DMD)
  • arch: all any
  • std-ver: 4.6.2
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 5.6.4-8
  • oldstable: 8.4.0-1
  • stable: 8.7.0+git220824-1
  • testing: 8.8.0-2
  • unstable: 8.8.0-2
versioned links
  • 5.6.4-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.7.0+git220824-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.8.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libcrypto++-dev (1 bugs: 0, 1, 0, 0)
  • libcrypto++-doc
  • libcrypto++-utils (1 bugs: 0, 1, 0, 0)
  • libcrypto++8 (2 bugs: 0, 2, 0, 0)
action needed
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2022-48570: Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
Created: 2023-08-23 Last update: 2023-09-12 05:15
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2022-48570: Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
Created: 2023-08-23 Last update: 2023-09-12 05:15
lintian reports 1 error high
Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.
Created: 2023-07-08 Last update: 2023-07-08 10:38
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2023-09-13 Last update: 2023-09-29 09:02
2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:
  • CVE-2021-40530: (needs triaging) The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
  • CVE-2022-48570: (needs triaging) Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-09-12 05:15
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2022-48570: (needs triaging) Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-08-23 Last update: 2023-09-12 05:15
debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 8.8.0-2 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-07-08 Last update: 2023-09-07 23:42
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2023-09-07 Last update: 2023-09-07 23:30
news
[rss feed]
  • [2023-09-12] libcrypto++ 8.8.0-2 MIGRATED to testing (Debian testing watch)
  • [2023-09-07] Accepted libcrypto++ 8.8.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-07-13] libcrypto++ 8.8.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-07-07] Accepted libcrypto++ 8.8.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2022-09-04] libcrypto++ 8.7.0+git220824-1 MIGRATED to testing (Debian testing watch)
  • [2022-08-25] Accepted libcrypto++ 8.7.0+git220824-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2022-08-13] Accepted libcrypto++ 8.7.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2022-02-18] libcrypto++ 8.6.0-3 MIGRATED to testing (Debian testing watch)
  • [2022-02-12] Accepted libcrypto++ 8.6.0-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-09-28] libcrypto++ 8.6.0-2 MIGRATED to testing (Debian testing watch)
  • [2021-09-26] Accepted libcrypto++ 8.6.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-09-25] Accepted libcrypto++ 8.6.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-09-13] libcrypto++ 8.5.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-07] Accepted libcrypto++ 8.5.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-01-07] libcrypto++ 8.4.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-02] Accepted libcrypto++ 8.4.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2020-12-31] libcrypto++ 8.3.0-3 MIGRATED to testing (Debian testing watch)
  • [2020-12-25] Accepted libcrypto++ 8.3.0-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2020-12-22] Accepted libcrypto++ 8.3.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2020-12-20] Accepted libcrypto++ 8.3.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2020-09-22] libcrypto++ 5.6.4-10 MIGRATED to testing (Debian testing watch)
  • [2020-09-16] Accepted libcrypto++ 5.6.4-10 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-08-14] libcrypto++ 5.6.4-9 MIGRATED to testing (Debian testing watch)
  • [2019-08-11] Accepted libcrypto++ 5.6.4-9 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-08-11] Accepted libcrypto++ 8.2.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-04-29] Accepted libcrypto++ 8.2.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-03-03] Accepted libcrypto++ 8.1.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-02-27] Accepted libcrypto++ 8.1.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2019-01-10] Accepted libcrypto++ 8.0.0-1 (source amd64 all) into experimental, experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2018-04-11] Accepted libcrypto++ 7.0.0-1 (source amd64 all) into experimental, experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • 1
  • 2
bugs [bug history graph]
  • all: 5
  • RC: 0
  • I&N: 5
  • M&W: 0
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (1, 0)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 8.8.0-1
  • 6 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing