[SECURITY] [DLA 1978-1] python-ecdsa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1978-1] python-ecdsa security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 30 Oct 2019 18:39:42 +0100
Message-id: <[🔎] 32034b02-7325-bb51-480e-3c782f01a6d0@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : python-ecdsa
Version        : 0.11-1+deb8u1
CVE ID         : CVE-2019-14853 CVE-2019-14859

It was discovered that python-ecdsa, a cryptographic signature library
for Python, did not correctly verify DER encoded signatures. Malformed
signatures could lead to unexpected exceptions and in some cases did
not raise any exception.

For Debian 8 "Jessie", these problems have been fixed in version
0.11-1+deb8u1.

We recommend that you upgrade your python-ecdsa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl25yt5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRabQ//fruNHEk3owXUlCWrv1F9jsCknzhOXu4y0rSzz6VnPFctLWp920ykuhUB
UduwGAlkWTSG/4xe5KZyWNvxBFW1+YARe8P+Ed92zAanXUnijxic0v4mbtbAVZG+
LWyVC96f3YxAS/+a1Xfy7kJekRIQyL288V3uCp34QEgMNVJjFK1AUkJXn4ld2Uy2
iVLaur4ZUH0Ghakv9cuHJWaIK4M0HKyHgoJAE8QFbbzvbTgqvtrP3N8qP+RaWZNM
hBGslCn09g6/2iYbxC4d4o7Av7LvyUVAm/4v/JgfM4DcBBuR4eOd8U6QLp3hqqJ3
A/oYhE0aitlsNIe8b6fcEe/vWFlXaAzxphGGUdPnuqnh/H31zO8gg0M1h5tZ9JrH
uTIe1JIgWsJRnuoe7V9tIBMWGpdmQbQYMjRiuefpqKk76MP4qUbILiLh/O0iCxi6
grFFA2b0CFZpDjUrfUeX4jr2qkHHVO6tCqqMYHmAERXcsbSR95w0ykS8dXYQn0uI
hOtMngNAKx7gLbkFIvh5utWjqLcDtzRJr8mAyAPMJG1sv0hxNaYXiHu53XhYhM7G
/g1JGkJuq8aqN2PZeIj00TVikNBVs9ywlW4QW8L5KcuPfT95xAESq6xeGh59zrPJ
wL8OeJDuNpkeiWBg9aVsJjkZKwUyggD3IQjiV7NYi1mtSTchyxM=
=FQQ2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1976-1] imapfilter security update
Next by Date: [SECURITY] [DLA 1979-1] italc security update
Previous by thread: [SECURITY] [DLA 1976-1] imapfilter security update
Next by thread: [SECURITY] [DLA 1979-1] italc security update
Index(es):
- Date
- Thread