Your message dated Sat, 10 Jan 2026 17:17:55 +0000
with message-id <[email protected]>
and subject line Bug#1124374: fixed in libsodium 1.0.18-1+deb12u1
has caused the Debian Bug report #1124374,
regarding libsodium: CVE-2025-69277
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1124374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124374
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsodium
Version: 1.0.18-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libsodium.

CVE-2025-69277[0]:
| libsodium before ad3004e, in atypical use cases involving certain
| custom cryptography or untrusted data to
| crypto_core_ed25519_is_valid_point, mishandles checks for whether an
| elliptic curve point is valid because it sometimes allows points
| that aren't in the main cryptographic group.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-69277
    https://www.cve.org/CVERecord?id=CVE-2025-69277
[1] https://00f.net/2025/12/30/libsodium-vulnerability/
[2] https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libsodium
Source-Version: 1.0.18-1+deb12u1
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libsodium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated libsodium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Thu, 01 Jan 2026 10:38:08 +0100
Source: libsodium
Architecture: source
Version: 1.0.18-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1124374
Changes:
 libsodium (1.0.18-1+deb12u1) bookworm-security; urgency=medium
 .
   * Backport security fix for CVE-2025-69277: mishandled checks for whether
     an elliptic curve point is valid (closes: #1124374).



--- End Message ---
