-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4588-1 security@xxxxxxxxxx https://www.debian.org/security/ Sebastien Delafond December 17, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-ecdsa CVE ID : CVE-2019-14853 CVE-2019-14859 It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a denial-of-service. For the oldstable distribution (stretch), these problems have been fixed in version 0.13-2+deb9u1. For the stable distribution (buster), these problems have been fixed in version 0.13-3+deb10u1. We recommend that you upgrade your python-ecdsa packages. For the detailed security status of python-ecdsa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-ecdsa Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl34+5QACgkQEL6Jg/PV nWThYAf+PH/Het1sH5n/p+JnC9ys9BjbJw/bUrXl0RYx812cWlVo4wWkAyjS9xD/ q0tR8Gx2wqAEauGa8Vy8H2hP8iW82+lCGlOoWNMqpVE+x1fwTLA8GCwH6f/UBrPC 5UJv06X6WYtrp3l3NKnq5IOR4QmWIVg3+gmrlm+6wC5NELwOCg0eH79vy+qtbc0w 7LaEI4IOi7yz11sXo7O0vu31S70EiwzRW6kyjlLfOrPN2OigiKYOkdAbWUocnSkR Uy/LlLCYZry60wbUu9adOz/MOib2Bc9ARzskPrTPUQ0JgrZT1kiUIFU18mmVW9ym qD3fYFLisZQT0hcu1C1D+UDfAVrpQQ== =CvMQ -----END PGP SIGNATURE-----