Register | Log in

python-ecdsa

ECDSA cryptographic signature library (Python 3)

Choose email to subscribe with

general

source: python-ecdsa (main)
version: 0.19.1-1
maintainer: Debian Python Team (DMD)
uploaders: Josue Ortega [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.16.1-1
oldstable: 0.18.0-3
stable: 0.19.1-1
testing: 0.19.1-1
unstable: 0.19.1-1

versioned links

0.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.18.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-ecdsa

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-33936: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Created: 2026-03-28 Last update: 2026-03-28 18:02

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-33936: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Created: 2026-03-28 Last update: 2026-03-28 18:02

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-33936: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Created: 2026-03-28 Last update: 2026-03-28 18:02

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-33936: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Created: 2026-03-28 Last update: 2026-03-28 18:02

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-33936: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Created: 2026-03-28 Last update: 2026-03-28 18:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-12-23 20:00

news

[2025-03-26] python-ecdsa 0.19.1-1 MIGRATED to testing (Debian testing watch)
[2025-03-23] Accepted python-ecdsa 0.19.1-1 (source) into unstable (Colin Watson)
[2024-05-11] python-ecdsa 0.19.0-2 MIGRATED to testing (Debian testing watch)
[2024-04-30] Accepted python-ecdsa 0.19.0-2 (source) into unstable (Colin Watson)
[2024-04-24] Accepted python-ecdsa 0.19.0-1 (source) into unstable (Alexandre Detiste)
[2024-01-10] python-ecdsa 0.18.0-5 MIGRATED to testing (Debian testing watch)
[2024-01-08] python-ecdsa 0.18.0-4 MIGRATED to testing (Debian testing watch)
[2024-01-07] Accepted python-ecdsa 0.18.0-5 (source) into unstable (Alexandre Detiste)
[2024-01-06] Accepted python-ecdsa 0.18.0-4 (source) into unstable (Alexandre Detiste)
[2022-12-25] python-ecdsa 0.18.0-3 MIGRATED to testing (Debian testing watch)
[2022-12-21] Accepted python-ecdsa 0.18.0-3 (source) into unstable (Nilesh Patra)
[2022-10-24] python-ecdsa 0.18.0-2 MIGRATED to testing (Debian testing watch)
[2022-10-22] Accepted python-ecdsa 0.18.0-2 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-07-23] python-ecdsa 0.18.0-1 MIGRATED to testing (Debian testing watch)
[2022-07-20] Accepted python-ecdsa 0.18.0-1 (source) into unstable (Josue Ortega)
[2022-06-26] python-ecdsa 0.18.0~b2-1 MIGRATED to testing (Debian testing watch)
[2022-06-23] Accepted python-ecdsa 0.18.0~b2-1 (source) into unstable (Timo Röhling)
[2021-11-04] python-ecdsa 0.18.0~b1-1 MIGRATED to testing (Debian testing watch)
[2021-11-04] python-ecdsa 0.18.0~b1-1 MIGRATED to testing (Debian testing watch)
[2021-11-02] Accepted python-ecdsa 0.18.0~b1-1 (source) into unstable (Josue Ortega)
[2021-06-30] Accepted python-ecdsa 0.17.0-1 (source) into experimental (Josue Ortega)
[2021-01-27] python-ecdsa 0.16.1-1 MIGRATED to testing (Debian testing watch)
[2021-01-24] Accepted python-ecdsa 0.16.1-1 (source) into unstable (Josue Ortega)
[2020-11-07] python-ecdsa 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2020-11-04] Accepted python-ecdsa 0.16.0-1 (source) into unstable (Josue Ortega)
[2020-03-26] python-ecdsa 0.15-1 MIGRATED to testing (Debian testing watch)
[2020-03-24] Accepted python-ecdsa 0.15-1 (source) into unstable (Josue Ortega)
[2020-01-02] python-ecdsa 0.14.1-1 MIGRATED to testing (Debian testing watch)
[2019-12-30] Accepted python-ecdsa 0.14.1-1 (source) into unstable (Josue Ortega)
[2019-12-21] Accepted python-ecdsa 0.13-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Josue Ortega)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.19.1-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing