security/nettle: Update to 3.7.2
AbandonedPublic
Actions

Authored by crees on Mar 29 2021, 9:55 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Apr 21, 8:34 PM

	Unknown Object (File)
	Dec 26 2023, 12:05 PM

	Unknown Object (File)
	Dec 23 2023, 12:28 AM

	Unknown Object (File)
	Sep 12 2023, 6:27 PM

	Unknown Object (File)
	Jun 22 2023, 6:50 PM

	Unknown Object (File)
	May 3 2023, 9:26 PM

	Unknown Object (File)
	Mar 4 2023, 9:31 PM

	Unknown Object (File)
	Feb 28 2023, 5:10 PM

View All 11 Files

Subscribers

lwhsu

mat

Details

Reviewers

sunpoet

Summary

This is a bugfix release, fixing a bug in ECDSA signature
verification that could lead to a denial of service attack
(via an assertion failure) or possibly incorrect results. It
also fixes a few related problems where scalars are required
to be canonically reduced modulo the ECC group order, but in
fact may be slightly larger.

Upgrading to the new version is strongly recommended.

The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.3 and libhogweed.so.6.3, with sonames
libnettle.so.8 and libhogweed.so.6.