From: Ludovic Courtès
To: Niels Möller
Cc: 47222@debbugs.gnu.org, nettle-bugs@lists.lysator.liu.se
Subject: Re: bug#47222: Serious bug in Nettle's ecdsa_verify
Date: Thu, 25 Mar 2021 10:51:51 +0100
In-Reply-To: <875z1kl24h.fsf@netris.org> (Mark H. Weaver's message of "Sun, 21 Mar 2021 15:47:47 -0400")

Hi Niels,

> I've prepared a new bug-fix release of Nettle, a low-level
> cryptographic library, to fix a serious bug in the function to verify
> ECDSA signatures. Implications include an assertion failure, which could
> be used for denial-of-service, when verifying signatures on the
> secp_224r1 and secp521_r1 curves. More details in NEWS file below.
>
> Upgrading is strongly recommended.

Are there plans to make a new 3.5 release including these fixes?

Alternatively, could you provide guidance as to which commits should be
cherry-picked in 3.5 for downstream distros?

I’m asking because in Guix, the easiest way for us to deploy the fixes
on the ‘master’ branch would be by “grafting” a new Nettle variant
ABI-compatible with 3.5.1, which is the one packages currently depend
on.

Thanks in advance,
Ludo’.