From nettle-3.9.1 release notes: """ NEWS for the Nettle 3.9.1 release This is a bugfix release, fixing a few bugs reported for Nettle-3.9. The bug in the new OCB code may be exploitable for denial of service or worse, since triggering it leads to memory corruption. Upgrading from Nettle-3.9 to the new version is strongly recommended. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92d3f4da6045ef59eb4fa4ac99e63ef5f4c2fc95 commit 92d3f4da6045ef59eb4fa4ac99e63ef5f4c2fc95 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-06-01 22:30:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-01 22:30:46 +0000 dev-libs/nettle: add 3.9.1 Bug: https://bugs.gentoo.org/907673 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/nettle/Manifest | 2 + dev-libs/nettle/nettle-3.9.1.ebuild | 89 +++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+)
*** Bug 918610 has been marked as a duplicate of this bug. ***
Let's tack this onto the the GLSA since we're doing a GLSA already for bug 806839.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9948613604a215d86e6a6c8ec06c466da8195f4c commit 9948613604a215d86e6a6c8ec06c466da8195f4c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-16 13:42:42 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-16 13:43:13 +0000 [ GLSA 202401-24 ] Nettle: Denial of Service Bug: https://bugs.gentoo.org/806839 Bug: https://bugs.gentoo.org/907673 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-24.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)