Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1

To: Xavier Guimard <yadd@debian.org>, 969369@bugs.debian.org
Subject: Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Sep 2020 14:53:41 +0100
Message-id: <[🔎] 1090464b5255aadeb58b41b59c2781930e120311.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 969369@bugs.debian.org
In-reply-to: <[🔎] 159895984498.241496.17702681665107345627.reportbug@deb007.xnr.fr>
References: <[🔎] 159895984498.241496.17702681665107345627.reportbug@deb007.xnr.fr> <[🔎] 159895984498.241496.17702681665107345627.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Tue, 2020-09-01 at 13:30 +0200, Xavier Guimard wrote:
> node-elliptic allows ECDSA signature maleability via variations in
> encoding, leading '\0' bytes, or integer overflows (CVE-2020-13822).
> 
> [ Impact ]
> This could conceivably have a security-relevant impact if an
> application relied on a single canonical signature.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Processed: Re: Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1
Next by Date: Bug#970518: buster-pu: package edk2/0~20181115.85588389-3+deb10u1
Previous by thread: Processed: Re: Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1
Next by thread: Bug#969369: node-elliptic 6.4.1~dfsg-1+deb10u1 flagged for acceptance
Index(es):
- Date
- Thread