FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

security/py-ecdsa -- multiple issues

Affected packages
py27-ecdsa <= 0.13.3
py37-ecdsa <= 0.13.3

Details

VuXML ID a23ebf36-e8b6-4665-b0f3-4c977f9a145c
Discovery 2019-10-07
Entry 2020-08-16

py-ecdsa developers report:

Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding.

Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding

[source]

References

CVE Name CVE-2019-14853
CVE Name CVE-2019-14859
URL https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.