Ubuntu has issued an advisory on November 18: https://usn.ubuntu.com/4196-1/ The issues are fixed upstream in 0.13.3.
Done!
CC: (none) => geiger.david68210
Advisory:
========================

Updated python-ecdsa packages fix security vulnerability:

It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service (CVE-2019-14853).

It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks (CVE-2019-14859).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14859
https://usn.ubuntu.com/4196-1/
========================

Updated packages in core/updates_testing:
========================
python-ecdsa-0.13.3-1.mga7
python3-ecdsa-0.13.3-1.mga7

from python-ecdsa-0.13.3-1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues.
No previous updates on these packages. I have been googling a bit for a simple example for this, but the ones I found involved the installation and usage of other developers' stuff for python, so I gave up on those.
If others agree, I will not oppose an OK on clean install.
CC: (none) => herman.viaene
OKing on a clean install. Validating. Advisory in Comment 2.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0002.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED