CVE-2021-3580: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

The patches that RedHat neglected to reference in the CVE are at URL and both appear to be released with 3.7.3:
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c

So, please stabilize 3.7.3.
*** Bug 807463 has been marked as a duplicate of this bug. ***
amd64 stable
sparc/ppc/ppc64/x86 done
arm done
arm64 done
hppa done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9948613604a215d86e6a6c8ec06c466da8195f4c

commit 9948613604a215d86e6a6c8ec06c466da8195f4c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-16 13:42:42 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-16 13:43:13 +0000

    [ GLSA 202401-24 ] Nettle: Denial of Service

    Bug: https://bugs.gentoo.org/806839
    Bug: https://bugs.gentoo.org/907673
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-24.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)