Debian Patches

Status for rust-sequoia-openpgp/2.0.0-2+deb13u1

Patch: cleanup-deps.patch
Forwarded: no

Patch: drop-experimental-and-variable-time-crypto-backends.patch
Forwarded: no

Patch: simplify-base64.patch
Forwarded: no

Patch: 0001-openpgp-Fix-an-underflow-in-aes_key_unwrap.patch
Description: [PATCH] openpgp: Fix an underflow in aes_key_unwrap.

  - The `aes_key_unwrap` function would panic if passed a ciphertext
    that was too short. In a debug build, it would panic due to a
    subtraction underflow. In a release build, it would use the small
    negative quantity to allocate a vector. Since the allocator
    expects an unsigned quantity, the negative value would be
    interpreted as a huge allocation. The allocator would then fail
    to allocate the memory and panic.

    An attacker could trigger this panic by sending a victim an
    encrypted message whose PKESK or SKESK packet has been specially
    modified. When the victim decrypts the message, the program would
    crash.

  - Fix it.

  - Reported-by: Jan Różański.

Author: "Neal H. Walfield" <neal@sequoia-pgp.org>
Forwarded: no
Last update: 2025-11-07
