Univention Bugzilla – Bug 50654
python-ecdsa: Multiple issues (4.3)
Last modified: 2019-12-18 13:48:06 CET
New Debian python-ecdsa 0.13-2+deb9u1 fixes: This update addresses the following issues: * Unexpected and undocumented exceptions during signature decoding (CVE-2019-14853) * DER encoding is not being verified in signatures (CVE-2019-14859)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python-ecdsa_0.13-2.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/python-ecdsa_0.13-2+deb9u1.dsc @@ -1,3 +1,9 @@ +0.13-2+deb9u1 [Sat, 07 Dec 2019 09:44:47 -0600] Josue Ortega <josue@debian.org>: + * Add patch for strict error checking in DER decoding integers. + Fix: + - CVE-2019-14853 + - CVE-2019-14859 + 0.13-2 [Sat, 25 Apr 2015 12:19:22 +0200] Sebastian Ramacher <sramacher@debian.org>: * Upload to unstable. <http://10.200.17.11/4.3-5/#7503642593351263899>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] ab0694749c Bug #50654: python-ecdsa 0.13-2+deb9u1 doc/errata/staging/python-ecdsa.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/624.html>