Package: libnettle8
Version: 3.7-2.1
Severity: important

Hello,

nettle 3.7.2 features the following fix:

| This is a bugfix release, fixing a bug in ECDSA signature
| verification that could lead to a denial of service attack
| (via an assertion failure) or possibly incorrect results. It
| also fixes a few related problems where scalars are required
| to be canonically reduced modulo the ECC group order, but in
| fact may be slightly larger.
|
| Upgrading to the new version is strongly recommended.
|
| Even when no assert is triggered in ecdsa_verify, ECC point
| multiplication may get invalid intermediate values as input,
| and produce incorrect results. It's trivial to construct
| alleged signatures that result in invalid intermediate values.
| It appears difficult to construct an alleged signature that
| makes the function misbehave in such a way that an invalid
| signature is accepted as valid, but such attacks can't be
| ruled out without further analysis.

A DSA is currently not planned. Please upgrade nettle for sid (and bullseye) to 3.7.2.

FWIW I have forked the salsa repo and packaged the new version at <https://salsa.debian.org/ametzler/nettle>. I have not sent a merge request since Debian packaging involves multiple branches.

cu Andreas