libnettle/nettle-3.7.3.tar.gz.sig at 373d0ffc4860f7e24e4a5d6d292ad6bc83a6815d7fe5544d05585554ffe6dc5d

SHA256

Pedro Monreal Gonzalez 451ab01db0 Accepting request 898784 from home:polslinux:branches:security:tls

- GNU Nettle 3.7.3:
  * Fix crash for zero input to rsa_sec_decrypt and
    rsa_decrypt_tr. Potential denial of service vector.
  * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
    failure for out of range inputs, instead of either crashing,
    or silently reducing input modulo n. Potential denial of
    service vector.
  * Ensure that rsa_decrypt returns failure for out of range
    inputs, instead of silently reducing input modulo n.
  * Ensure that rsa_sec_decrypt returns failure if the message
    size is too large for the given key. Unlike the other bugs,
    this would typically be triggered by invalid local
    configuration, rather than by processing untrusted remote
    data.

OBS-URL: https://build.opensuse.org/request/show/898784
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=21

2021-06-09 15:24:44 +00:00

374 B

Raw History

View Raw

374 B Raw History

374 B

Raw History