From 094981d46fdad18d23c1f8976391f6ec68fa081378d79702dc4280c4d0b6083f Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Mon, 14 Oct 2019 22:02:57 +0000 Subject: [PATCH 1/2] - updated to 0.13.3 (bsc#1153165) + CVE-2019-14853 DOS atack during signature decoding + CVE-2019-14859 signature malleability caused by insufficient checks of DER encoding OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ecdsa?expand=0&rev=20 --- ecdsa-0.13.2.tar.gz | 3 --- ecdsa-0.13.3.tar.gz | 3 +++ python-ecdsa.changes | 8 ++++++++ python-ecdsa.spec | 2 +- 4 files changed, 12 insertions(+), 4 deletions(-) delete mode 100644 ecdsa-0.13.2.tar.gz create mode 100644 ecdsa-0.13.3.tar.gz diff --git a/ecdsa-0.13.2.tar.gz b/ecdsa-0.13.2.tar.gz deleted file mode 100644 index a969756..0000000 --- a/ecdsa-0.13.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5c034ffa23413ac923541ceb3ac14ec15a0d2530690413bff58c12b80e56d884 -size 61595 diff --git a/ecdsa-0.13.3.tar.gz b/ecdsa-0.13.3.tar.gz new file mode 100644 index 0000000..477f658 --- /dev/null +++ b/ecdsa-0.13.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:163c80b064a763ea733870feb96f9dd9b92216cfcacd374837af18e4e8ec3d4d +size 60477 diff --git a/python-ecdsa.changes b/python-ecdsa.changes index b3cfc2a..8310780 100644 --- a/python-ecdsa.changes +++ b/python-ecdsa.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Oct 14 21:41:55 UTC 2019 - Robert Schweikert + +- updated to 0.13.3 (bsc#1153165) + + CVE-2019-14853 DOS atack during signature decoding + + CVE-2019-14859 signature malleability caused by insufficient checks + of DER encoding + ------------------------------------------------------------------- Tue May 14 07:17:24 UTC 2019 - Ondřej Súkup diff --git a/python-ecdsa.spec b/python-ecdsa.spec index 0279016..8e80f6c 100644 --- a/python-ecdsa.spec +++ b/python-ecdsa.spec @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-ecdsa -Version: 0.13.2 +Version: 0.13.3 Release: 0 Summary: ECDSA cryptographic signature library (pure python) License: MIT From e49ee4fc67aa55d440f47655e5844a3f4b756a9d2e1783f99798bf045b249764 Mon Sep 17 00:00:00 2001 From: Robert Schweikert Date: Thu, 17 Oct 2019 11:46:33 +0000 Subject: [PATCH 2/2] - Include in SLE-12 (fate#323875, bsc#1054413) - update to 0.13 (bsc#962291) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ecdsa?expand=0&rev=21 --- python-ecdsa.changes | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/python-ecdsa.changes b/python-ecdsa.changes index 8310780..5405802 100644 --- a/python-ecdsa.changes +++ b/python-ecdsa.changes @@ -19,6 +19,11 @@ Tue Dec 4 12:47:34 UTC 2018 - Matej Cepl - Remove superfluous devel dependency for noarch package +------------------------------------------------------------------- +Fri Sep 21 12:51:24 UTC 2018 - John Paul Adrian Glaubitz + +- Include in SLE-12 (fate#323875, bsc#1054413) + ------------------------------------------------------------------- Fri Apr 28 11:52:09 UTC 2017 - pousaduarte@gmail.com @@ -28,7 +33,7 @@ Fri Apr 28 11:52:09 UTC 2017 - pousaduarte@gmail.com ------------------------------------------------------------------- Sat Feb 21 01:31:36 UTC 2015 - prusnak@opensuse.org -- update to 0.13 +- update to 0.13 (bsc#962291) Fix the argument order for Curve constructor (put openssl_name= at the end, with a default value) to unbreak compatibility with external callers who used