Hi Magnus, On Sun, Feb 07, 2016 at 11:26:59PM +0100, Magnus Holmgren wrote: > torsdagen den 4 februari 2016 11.09.53 skrev du: > > the following vulnerabilities were published for nettle. > > > > CVE-2015-8803[0]: > > secp256 calculation bug > > > > CVE-2015-8804[1]: > > Miscalculations on secp384 curve > > > > CVE-2015-8805[2]: > > miscomputation bugs in secp-256r1 modulo functions > > I've prepared an upload adding the patches backported to 2.7.1. As far as I > understand, the bugs are unlikely to be exploitable (hence the important > severity). Do you want me to target jessie-security or only stable?
I think an update through the next jessie point release would be fine. Thanks a lot for working on it! Can you contact the stable release managers for an update via jessie-pu? Regards, Salvatore
signature.asc
Description: PGP signature
