Your message dated Sat, 10 Jan 2026 17:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1124374: fixed in libsodium 1.0.18-1+deb13u1
has caused the Debian Bug report #1124374,
regarding libsodium: CVE-2025-69277
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124374
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsodium
Version: 1.0.18-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libsodium.
CVE-2025-69277[0]:
| libsodium before ad3004e, in atypical use cases involving certain
| custom cryptography or untrusted data to
| crypto_core_ed25519_is_valid_point, mishandles checks for whether an
| elliptic curve point is valid because it sometimes allows points
| that aren't in the main cryptographic group.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-69277
https://www.cve.org/CVERecord?id=CVE-2025-69277
[1] https://00f.net/2025/12/30/libsodium-vulnerability/
[2] https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsodium
Source-Version: 1.0.18-1+deb13u1
Done: Laszlo Boszormenyi (GCS) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libsodium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated libsodium
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Jan 2026 10:36:18 +0100
Source: libsodium
Architecture: source
Version: 1.0.18-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1124374
Changes:
libsodium (1.0.18-1+deb13u1) trixie-security; urgency=medium
.
* Backport security fix for CVE-2025-69277: mishandled checks for whether
an elliptic curve point is valid (closes: #1124374).
--- End Message ---