Source: libsodium
Version: 1.0.18-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libsodium.

CVE-2025-69277[0]:
| libsodium before ad3004e, in atypical use cases involving certain
| custom cryptography or untrusted data to
| crypto_core_ed25519_is_valid_point, mishandles checks for whether an
| elliptic curve point is valid because it sometimes allows points
| that aren't in the main cryptographic group.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-69277
    https://www.cve.org/CVERecord?id=CVE-2025-69277
[1] https://00f.net/2025/12/30/libsodium-vulnerability/
[2] https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae

Regards,
Salvatore

