Your message dated Sat, 14 Jan 2017 12:37:03 +0000 with message-id <1484397423.1091.25.camel@adam-barratt.org.uk> and subject line "Closing requests included in today's point release" has caused the Debian Bug report #843268, regarding jessie-pu: package nettle/2.7.1-5+deb8u2, to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
843268: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843268
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: jessie-pu: package nettle/2.7.1-5+deb8u2
- From: Magnus Holmgren <holmgren@debian.org>
- Date: Sat, 05 Nov 2016 18:07:42 +0100
- Message-id: <1534694.vf0Fhcngd0@johansson>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal
X-Debbugs-Cc: ametzler@bebt.de, carnil@debian.org

Hello Stable Release Managers,

Here is a debdiff for a proposed upload to address CVE-2016-6489 ("RSA code is vulnerable to cache sharing related attacks") in jessie, which the Security Team thinks should be done but which doesn't warrant a DSA.

I added a Breaks: libgnutls-deb0-28 (<< 3.3.8-6+deb8u4) to libhogweed2 to ensure that libgnutls is upgraded first in order to prevent crashes that could in theory occur if nettle_rsa_private_key_prepare() isn't called to check that the private key is valid (see https://bugs.debian.org/840191). The latest Nettle library includes extra safety checks to work with incorrect callers but those can't be backported so easily.

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer

diff -Nru nettle-2.7.1/debian/changelog nettle-2.7.1/debian/changelog --- nettle-2.7.1/debian/changelog 2016-02-07 19:52:57.000000000 +0100 +++ nettle-2.7.1/debian/changelog 2016-11-05 17:37:13.000000000 +0100 @@ -1,8 +1,17 @@ +nettle (2.7.1-5+deb8u2) stable; urgency=medium + + * [SECURITY] cve-2016-6489.patch: Protect against potential side-channel + attacks against exponentiation operations as described in + CVE-2016-6489 "RSA code is vulnerable to cache sharing related + attacks" (Closes: #832983). + + -- Magnus Holmgren <holmgren@debian.org> Sat, 05 Nov 2016 17:37:13 +0100 + nettle (2.7.1-5+deb8u1) stable; urgency=low * Fix CVE-2015-8803, CVE-2015-8804, and CVE-2015-8805 (Closes: #813679). - -- Magnus Holmgren <holmgren@debian.org> Sat, 06 Feb 2016 20:01:37 +0100 + -- Magnus Holmgren <holmgren@debian.org> Tue, 09 Feb 2016 20:57:42 +0100 nettle (2.7.1-5) unstable; urgency=medium diff -Nru nettle-2.7.1/debian/control nettle-2.7.1/debian/control --- nettle-2.7.1/debian/control 2015-01-11 20:27:22.000000000 +0100 +++ nettle-2.7.1/debian/control 2016-11-05 17:36:28.000000000 +0100 
@@ -36,6 +36,7 @@ Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} +Breaks: libgnutls-deb0-28 (<< 3.3.8-6+deb8u4) Description: low level cryptographic library (public-key cryptos) Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, diff -Nru nettle-2.7.1/debian/patches/cve-2016-6489.patch nettle-2.7.1/debian/patches/cve-2016-6489.patch --- nettle-2.7.1/debian/patches/cve-2016-6489.patch 1970-01-01 01:00:00.000000000 +0100 +++ nettle-2.7.1/debian/patches/cve-2016-6489.patch 2016-08-04 20:05:32.000000000 +0200 
@@ -0,0 +1,87 @@ +Description: Protect against side-channel attacks against exponentiation operations + See https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html +Bug-Debian: https://bugs.debian.org/832983 + +--- a/dsa-sign.c ++++ b/dsa-sign.c +@@ -47,6 +47,11 @@ _dsa_sign(const struct dsa_public_key *p + mpz_t h; + mpz_t tmp; + ++ /* Check that p is odd, so that invalid keys don't result in a crash ++ inside mpz_powm_sec. */ ++ if (mpz_even_p (pub->p)) ++ return 0; ++ + /* Require precise match of bitsize of q and hash size. The general + description of DSA in FIPS186-3 allows both larger and smaller q; + in the the latter case, the hash must be truncated to the right +@@ -63,7 +68,7 @@ _dsa_sign(const struct dsa_public_key *p + mpz_add_ui(k, k, 1); + + /* Compute r = (g^k (mod p)) (mod q) */ +- mpz_powm(tmp, pub->g, k, pub->p); ++ mpz_powm_sec(tmp, pub->g, k, pub->p); + mpz_fdiv_r(signature->r, tmp, pub->q); + + /* Compute hash */ +--- a/rsa-blind.c ++++ b/rsa-blind.c +@@ -53,7 +53,7 @@ _rsa_blind (const struct rsa_public_key + while (!mpz_invert (ri, r, pub->n)); + + /* c = c*(r^e) mod n */ +- mpz_powm(r, r, pub->e, pub->n); ++ mpz_powm_sec(r, r, pub->e, pub->n); + mpz_mul(c, c, r); + mpz_fdiv_r(c, c, pub->n); + +--- a/rsa-sign.c ++++ b/rsa-sign.c +@@ -88,11 +88,11 @@ rsa_compute_root(const struct rsa_privat + + /* Compute xq = m^d % q = (m%q)^b % q */ + mpz_fdiv_r(xq, m, key->q); +- mpz_powm(xq, xq, key->b, key->q); ++ mpz_powm_sec(xq, xq, key->b, key->q); + + /* Compute xp = m^d % p = (m%p)^a % p */ + mpz_fdiv_r(xp, m, key->p); +- mpz_powm(xp, xp, key->a, key->p); ++ mpz_powm_sec(xp, xp, key->a, key->p); + + /* Set xp' = (xp - xq) c % p. */ + mpz_sub(xp, xp, xq); +--- a/rsa.c ++++ b/rsa.c +@@ -56,7 +56,13 @@ unsigned + _rsa_check_size(mpz_t n) + { + /* Round upwards */ +- unsigned size = (mpz_sizeinbase(n, 2) + 7) / 8; ++ unsigned size; ++ ++ /* Even moduli are invalid, and not supported by mpz_powm_sec. 
*/ ++ if (mpz_even_p (n)) ++ return 0; ++ ++ size = (mpz_sizeinbase(n, 2) + 7) / 8; + + if (size < RSA_MINIMUM_N_OCTETS) + return 0; +--- a/testsuite/rsa-test.c ++++ b/testsuite/rsa-test.c +@@ -57,6 +57,13 @@ test_main(void) + + test_rsa_sha512(&pub, &key, expected); + ++ /* Test detection of invalid keys with even modulo */ ++ mpz_clrbit (pub.n, 0); ++ ASSERT (!rsa_public_key_prepare (&pub)); ++ ++ mpz_clrbit (key.p, 0); ++ ASSERT (!rsa_private_key_prepare (&key)); ++ + /* 777-bit key, generated by + * + * lsh-keygen -a rsa -l 777 -f advanced-hex diff -Nru nettle-2.7.1/debian/patches/series nettle-2.7.1/debian/patches/series --- nettle-2.7.1/debian/patches/series 2016-02-06 19:26:59.000000000 +0100 +++ nettle-2.7.1/debian/patches/series 2016-10-30 22:15:09.000000000 +0100 @@ -1,3 +1,4 @@ fPIC.patch cve-2015-8803_8805.patch cve-2015-8804.patch +cve-2016-6489.patchAttachment: signature.asc
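Review bot: the debian/changelog hunk also rewrites the trailer of the already-released 2.7.1-5+deb8u1 entry, replacing `-- Magnus Holmgren <holmgren@debian.org> Sat, 06 Feb 2016 20:01:37 +0100` with `Tue, 09 Feb 2016 20:57:42 +0100`. That edit is unrelated to CVE-2016-6489 and should either be dropped from this debdiff or called out in the upload request so the release team knows the change to a published entry is intentional.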
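Review bot: the debian/control hunk adds `Breaks: libgnutls-deb0-28 (<< 3.3.8-6+deb8u4)` without any trace of why, and the reason given only in the cover letter (a caller that skips nettle_rsa_private_key_prepare() can now reach mpz_powm_sec with an even modulus and crash) will be invisible to anyone reading debian/control later. Put that rationale into the changelog entry next to the CVE line, and say there whether other reverse dependencies of libhogweed2 that sign with unprepared keys were checked, since this Breaks protects GnuTLS only.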
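Review bot: the DEP-3 header of cve-2016-6489.patch carries `Description:` and `Bug-Debian:` but no `Origin:` line naming the upstream commit (only the nettle-bugs mailing-list thread is referenced) and no `Last-Update:`; add both so the backport can be matched against upstream when the next update to this patch series is prepared. The `if (mpz_even_p (pub->p)) return 0;` guard added in the dsa-sign.c hunk is the right shape, since mpz_powm_sec requires an odd modulus, but nothing in the debdiff exercises that early return, whereas the RSA even-modulus checks do get assertions in testsuite/rsa-test.c; a matching DSA test would be worth adding.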
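Review bot: the rsa-blind.c hunk switches `mpz_powm(r, r, pub->e, pub->n)` to `mpz_powm_sec` but, unlike the dsa-sign.c hunk, adds no local guard. mpz_powm_sec requires a positive exponent and an odd modulus, and both `pub->e` and `pub->n` come straight from the caller's struct rsa_public_key; evenness of n is rejected only inside `_rsa_check_size`, i.e. only if rsa_public_key_prepare() was actually called, which is exactly the precondition the cover letter says older callers may not meet. Either add the same `mpz_even_p` early return here or document in the patch header that blinding now depends on prepare() having run.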
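Review bot: in the rsa-sign.c hunk only the two CRT exponentiations move to `mpz_powm_sec`; the recombination that follows (`mpz_sub(xp, xp, xq)` and the `(xp - xq) c % p` step named in the comment) still uses the ordinary GMP calls. That matches the changelog's "exponentiation operations" wording, but the patch Description should say so explicitly so nobody reads this backport as making the whole private-key operation constant-time. Also, the rsa.c change to `_rsa_check_size` guarantees an odd n, while the moduli actually used here are `key->p` and `key->q`, which are covered only through rsa_private_key_prepare() (as the new `mpz_clrbit (key.p, 0)` assertion in rsa-test.c shows); an explicit `mpz_even_p` check on key->p and key->q right before the two mpz_powm_sec calls would make the crash avoidance self-contained for callers that never call prepare().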
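Review bot: the testsuite/rsa-test.c hunk clears bit 0 of `pub.n` and `key.p` in place, asserts that the two prepare functions reject them, and never restores those bits. That is safe only as long as the following "777-bit key" block loads its own key material rather than reusing `pub` and `key`; a one-line comment stating that the earlier keys are deliberately left invalid from this point on would keep a later test from picking them up by mistake.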
--- End Message ---
--- Begin Message ---
- To: 823517-done@bugs.debian.org, 829606-done@bugs.debian.org, 836795-done@bugs.debian.org, 836823-done@bugs.debian.org, 837105-done@bugs.debian.org, 837428-done@bugs.debian.org, 837558-done@bugs.debian.org, 837575-done@bugs.debian.org, 837607-done@bugs.debian.org, 838396-done@bugs.debian.org, 838780-done@bugs.debian.org, 838869-done@bugs.debian.org, 838882-done@bugs.debian.org, 839242-done@bugs.debian.org, 839531-done@bugs.debian.org, 839656-done@bugs.debian.org, 839731-done@bugs.debian.org, 839814-done@bugs.debian.org, 839907-done@bugs.debian.org, 839927-done@bugs.debian.org, 840127-done@bugs.debian.org, 840188-done@bugs.debian.org, 840191-done@bugs.debian.org, 840350-done@bugs.debian.org, 840378-done@bugs.debian.org, 840379-done@bugs.debian.org, 840942-done@bugs.debian.org, 841462-done@bugs.debian.org, 841681-done@bugs.debian.org, 841767-done@bugs.debian.org, 841979-done@bugs.debian.org, 842013-done@bugs.debian.org, 842509-done@bugs.debian.org, 842938-done@bugs.debian.org, 843171-done@bugs.debian.org, 843268-done@bugs.debian.org, 843411-done@bugs.debian.org, 843426-done@bugs.debian.org, 843508-done@bugs.debian.org, 843775-done@bugs.debian.org, 843999-done@bugs.debian.org, 844150-done@bugs.debian.org, 844161-done@bugs.debian.org, 844746-done@bugs.debian.org, 845156-done@bugs.debian.org, 845263-done@bugs.debian.org, 845387-done@bugs.debian.org, 845443-done@bugs.debian.org, 845474-done@bugs.debian.org, 845564-done@bugs.debian.org, 845570-done@bugs.debian.org, 846017-done@bugs.debian.org, 846031-done@bugs.debian.org, 846352-done@bugs.debian.org, 846948-done@bugs.debian.org, 847273-done@bugs.debian.org, 847921-done@bugs.debian.org, 848341-done@bugs.debian.org, 848610-done@bugs.debian.org, 848829-done@bugs.debian.org, 848908-done@bugs.debian.org, 848926-done@bugs.debian.org, 848942-done@bugs.debian.org, 849004-done@bugs.debian.org, 849020-done@bugs.debian.org, 849175-done@bugs.debian.org, 849438-done@bugs.debian.org, 849467-done@bugs.debian.org, 
849538-done@bugs.debian.org, 849698-done@bugs.debian.org, 849725-done@bugs.debian.org, 849865-done@bugs.debian.org, 849869-done@bugs.debian.org, 849962-done@bugs.debian.org, 849967-done@bugs.debian.org, 850084-done@bugs.debian.org, 850154-done@bugs.debian.org, 850214-done@bugs.debian.org, 850539-done@bugs.debian.org, 850542-done@bugs.debian.org, 850563-done@bugs.debian.org, 850566-done@bugs.debian.org, 850567-done@bugs.debian.org, 838109-done@bugs.debian.org, 849488-done@bugs.debian.org
- Subject: Closing requests included in today's point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 14 Jan 2017 12:37:03 +0000
- Message-id: <1484397423.1091.25.camel@adam-barratt.org.uk>
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7 point release.

Regards,

Adam
--- End Message ---