Debian Patches
Status for node-elliptic/6.6.1+dfsg+~6.4.18-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| use-assert.patch | use assert instead of minimalistic-assert | Pirate Praveen <praveen@debian.org> | not-needed | 2019-01-10 | ||
| fix-error-with-new-bn.patch | Fix error with newer node-bn.js key sign accepts only hexadecimal number |
exoego <mogami@exoego.net> | no | https://github.com/indutny/elliptic/commit/3d7b3b284cbc8454501f5f0d6c3560db9eaa642b.patch | ||
| CVE-2025-14505.patch | Fix ECDSA signing when k has leading zeros (CVE-2025-14505) Pass raw DRBG output array directly to _truncateToN instead of converting to BN first, preserving correct byte length for truncation calculations. Without this fix, ~1/256 signatures are incorrect and combining a faulty signature with a correct one can expose the private key. |
not-needed | debian | https://github.com/indutny/elliptic/pull/345 |
All known versions for source package 'node-elliptic'
- 6.6.1+dfsg+~6.4.18-2 (sid, forky)
- 6.6.1+dfsg-1 (trixie)
- 6.5.4~dfsg-2 (bookworm)