ed653df573
Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
7 lines
397 B
Plaintext
7 lines
397 B
Plaintext
# Locally calculated after checking pgp signature
|
|
# https://ftp.gnu.org/gnu/nettle/nettle-3.7.2.tar.gz.sig
|
|
sha256 8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162 nettle-3.7.2.tar.gz
|
|
# Locally calculated
|
|
sha256 a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c COPYING.LESSERv3
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYINGv2
|