author | Jack Lloyd <[email protected]> | 2016-02-03 02:57:06 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-02-03 02:57:06 -0500 |
commit | 94a3fa8ae0dc4df67f6e9ba780427e651baa9dfd (patch) | |
tree | 46ecce84567f265a54395ca30bb373704f0e1c36 /doc | |
parent | 43462f8d24880c42ce66ea45a76c7611fdab25cd (diff) |
Correct the PointGFp check for CVE-2016-2195 1.10.12
Remi Gacogne pointed out that the check intended for the y coordinate
instead checks x again. The overflow is still avoided in 1.10.11
however, because of the size check in bigint_mul and bigint_sqr also
added in that release.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/log.txt | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/doc/log.txt b/doc/log.txt index 14430a3ed..dc744f59c 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -7,10 +7,24 @@ Release Notes Series 1.10 ---------------------------------------- +Version 1.10.12, 2016-02-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* In 1.10.11, the check in PointGFp intended to check the affine y + argument actually checked the affine x again. Reported by Remi Gacogne + + The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an + additional check in the multiplication function itself which was + also added in that release, so there are no security implications + from the missed check. However to avoid confusion the change was + pushed in a new release immediately. + + The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915 + Version 1.10.11, 2016-02-01 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Resolve heap overflow in ECC point decoding. CVE-2016-2915 +* Resolve heap overflow in ECC point decoding. CVE-2016-2195 * Resolve infinite loop in modular square root algorithm. CVE-2016-2194 |
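Review bot: In the new 1.10.12 entry, the paragraph saying the overflow is not exploitable in 1.10.11 points only to "an additional check in the multiplication function itself". The commit message names the size check in bigint_mul and bigint_sqr, and the release note should name them too so that someone auditing 1.10.11 can find the guard the "no security implications" statement depends on. The line "Reported by Remi Gacogne" is also missing its closing period. The corrected CVE number in the 1.10.11 entry matches the explanation added in the entry above it.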