This upload is blocked pending discussion in relation to Andreas'
question above.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064751
Title:
[SRU] revert security-regression in Focal's libcrypto++
I spent a long time trying to understand what happened with this CVE.
- upstream's first attempt at a fix, which misses fixing "leak on binary fields
(EC2N class)": https://github.com/weidai11/cryptopp/issues/869
- it also introduced a regression, so besides an incomplete fix, it introduces
a bu
Hi Mark,
Note that I made a small tweak to the changelog to close this bug.
This looks mostly good to me. The symbol change may make this more
interesting. I learned enough about abi-compliance-checker to do some
analysis there and it claims that the ABI is unchanged, but we would
benefit from
** Changed in: Ubuntu Focal
Assignee: (unassigned) => Dan Bungert (dbungert)
** Package changed: ubuntu => libcrypto++ (Ubuntu)
Andreas asked that I re-verify that Ubuntu Security wishes to make this
change through SRU. We do.
Since the regression was inherited from sid, it feels most appropriate
to SRU a change into -updates. Also, since a working 5.6 patch for
CVE-2019-14318 does not exist we do not have a fix for the se
Marking this as invalid, since devel is not affected. Only focal is
affected.
** Package changed: libcrypto++ (Ubuntu) => ubuntu
** Changed in: ubuntu
Status: New => Invalid
The attachment "libcrypto++_5.6.4-9ubuntu1.debdiff" seems to be a
debdiff. The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff. If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "pat
** Description changed:
[ Impact ]
Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading
this version from Debian appears to have been a mistake.
This is a security regression, but was not published through the security
pocket.
As far as I am aware, Debian
** Attachment added: "main.cpp"
https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774479/+files/main.cpp
** Patch added: "libcrypto++_5.6.4-9ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2064751/+attachment/5774481/+files/libcrypto++_5.6.4-9ubuntu1.debdiff
** Also affects: libcrypto++ (Ubuntu Focal)
Importance: Undecided
Status: New