[Buildroot] [PATCH 1/1] package/python-ecdsa: bump to version 0.13.3
Peter Korsgaard
peter at korsgaard.com
Tue Dec 17 16:49:47 UTC 2019
>>>>> "Asaf" == Asaf Kahlon <asafka7 at gmail.com> writes:
> Signed-off-by: Asaf Kahlon <asafka7 at gmail.com>
Committed to 2019.02.x after adjusting the commit message to make it
clear that this is a security fix, thanks.
In the future, please mention when version bumps contain security fixes,
thanks. In this case the release notes were literally:
Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding
Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding
Also harden key decoding from string and DER encodings.
https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list