diff --git a/libnettle.changes b/libnettle.changes index 8015701..364a5ab 100644 --- a/libnettle.changes +++ b/libnettle.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sun Mar 21 10:17:35 UTC 2021 - Andreas Stieger + +- GNU Nettle 3.7.2: + * fix a bug in ECDSA signature verification that could lead to a + denial of service attack (via an assertion failure) or possibly + incorrect results (boo#1183835) + * fix a few related problems where scalars are required to be + canonically reduced modulo the ECC group order, but in fact may + be slightly larger + ------------------------------------------------------------------- Thu Feb 18 09:24:00 UTC 2021 - Andreas Stieger diff --git a/libnettle.spec b/libnettle.spec index e4d72ce..bcb7b49 100644 --- a/libnettle.spec +++ b/libnettle.spec @@ -19,7 +19,7 @@ %define soname 8 %define hogweed_soname 6 Name: libnettle -Version: 3.7.1 +Version: 3.7.2 Release: 0 Summary: Cryptographic Library License: LGPL-2.1-or-later AND GPL-2.0-or-later diff --git a/nettle-3.7.1.tar.gz b/nettle-3.7.1.tar.gz deleted file mode 100644 index dfbe2a3..0000000 --- a/nettle-3.7.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:156621427c7b00a75ff9b34b770b95d34f80ef7a55c3407de94b16cbf436c42e -size 2380974 diff --git a/nettle-3.7.1.tar.gz.sig b/nettle-3.7.1.tar.gz.sig deleted file mode 100644 index 923e442..0000000 Binary files a/nettle-3.7.1.tar.gz.sig and /dev/null differ diff --git a/nettle-3.7.2.tar.gz b/nettle-3.7.2.tar.gz new file mode 100644 index 0000000..c6344b5 --- /dev/null +++ b/nettle-3.7.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162 +size 2382309 diff --git a/nettle-3.7.2.tar.gz.sig b/nettle-3.7.2.tar.gz.sig new file mode 100644 index 0000000..cfe89c4 Binary files /dev/null and b/nettle-3.7.2.tar.gz.sig differ