libcrypto++ - Debian Package Tracker

general

source: libcrypto++ (main)
version: 8.9.0-1
maintainer: Laszlo Boszormenyi (GCS) (DMD)
arch: all any
std-ver: 4.6.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.6.4-8
oldstable: 8.4.0-1
stable: 8.7.0+git220824-1
testing: 8.8.0-2
unstable: 8.9.0-1

versioned links

5.6.4-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.7.0+git220824-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.8.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcrypto++-dev (1 bugs: 0, 1, 0, 0)
libcrypto++-doc
libcrypto++-utils (1 bugs: 0, 1, 0, 0)
libcrypto++8 (2 bugs: 0, 2, 0, 0)

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2022-48570: Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

Created: 2023-08-23 Last update: 2023-10-03 00:54

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2022-48570: Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

Created: 2023-08-23 Last update: 2023-10-03 00:54

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2023-07-08 Last update: 2023-07-08 10:38

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2023-09-13 Last update: 2023-10-08 02:32

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2021-40530: (needs triaging) The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
CVE-2022-48570: (needs triaging) Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-10-03 00:54

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2022-48570: (needs triaging) Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-08-23 Last update: 2023-10-03 00:54

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2023-09-07 Last update: 2023-09-07 23:30

testing migrations

excuses:
- Migration status for libcrypto++ (8.8.0-2 to 8.9.0-1): Will attempt migration (Any information below is purely informational)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libc/libcrypto++.html
- ∙ ∙ 5 days old (needed 5 days)

news

[rss feed]

[2023-10-02] Accepted libcrypto++ 8.9.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-09-12] libcrypto++ 8.8.0-2 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted libcrypto++ 8.8.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-07-13] libcrypto++ 8.8.0-1 MIGRATED to testing (Debian testing watch)
[2023-07-07] Accepted libcrypto++ 8.8.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2022-09-04] libcrypto++ 8.7.0+git220824-1 MIGRATED to testing (Debian testing watch)
[2022-08-25] Accepted libcrypto++ 8.7.0+git220824-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2022-08-13] Accepted libcrypto++ 8.7.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2022-02-18] libcrypto++ 8.6.0-3 MIGRATED to testing (Debian testing watch)
[2022-02-12] Accepted libcrypto++ 8.6.0-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-09-28] libcrypto++ 8.6.0-2 MIGRATED to testing (Debian testing watch)
[2021-09-26] Accepted libcrypto++ 8.6.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-09-25] Accepted libcrypto++ 8.6.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-09-13] libcrypto++ 8.5.0-1 MIGRATED to testing (Debian testing watch)
[2021-09-07] Accepted libcrypto++ 8.5.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-07] libcrypto++ 8.4.0-1 MIGRATED to testing (Debian testing watch)
[2021-01-02] Accepted libcrypto++ 8.4.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2020-12-31] libcrypto++ 8.3.0-3 MIGRATED to testing (Debian testing watch)
[2020-12-25] Accepted libcrypto++ 8.3.0-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2020-12-22] Accepted libcrypto++ 8.3.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2020-12-20] Accepted libcrypto++ 8.3.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2020-09-22] libcrypto++ 5.6.4-10 MIGRATED to testing (Debian testing watch)
[2020-09-16] Accepted libcrypto++ 5.6.4-10 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-08-14] libcrypto++ 5.6.4-9 MIGRATED to testing (Debian testing watch)
[2019-08-11] Accepted libcrypto++ 5.6.4-9 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-08-11] Accepted libcrypto++ 8.2.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-04-29] Accepted libcrypto++ 8.2.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-03-03] Accepted libcrypto++ 8.1.0-2 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-02-27] Accepted libcrypto++ 8.1.0-1 (source) into experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-01-10] Accepted libcrypto++ 8.0.0-1 (source amd64 all) into experimental, experimental (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)

bugs [bug history graph]

all: 5
RC: 0
I&N: 5
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (1, 0)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8.8.0-1
6 bugs