From 5137b45766cb7b0a0f1e65af9cbf9d57b74a1630 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 1 Apr 2021 09:00:18 +0200 Subject: Add assigned nettle CVE --- data/CVE/2021.list | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index b2acdf21b0..206161ffa0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -20673,8 +20673,24 @@ CVE-2021-20307 RESERVED CVE-2021-20306 RESERVED -CVE-2021-20305 - RESERVED +CVE-2021-20305 [Out of Bound memory access in signature verification] + RESERVED + - nettle + NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html + NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe + NOTE: Use ecc_mod_mul_canonical for point comparison: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5 + NOTE: Fix bug in ecc_ecdsa_verify: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2 + NOTE: Ensure ecdsa_sign output is canonically reduced: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce + NOTE: Analogous fix to ecc_gostdsa_verify: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14 + NOTE: Similar fix for eddsa: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b + NOTE: Fix canonical reduction in gostdsa_vko: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9 CVE-2021-20304 RESERVED CVE-2021-20303 -- cgit v1.2.3
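Review bot: The `- nettle` line in the new CVE-2021-20305 entry, as it appears here, has nothing after the package name; it should carry either a fixed version or an explicit tag such as `<unfixed>` so that the entry states the package's status. The bracketed description also says "signature verification", while the NOTE lines include commits for `ecdsa_sign` output and `gostdsa_vko`; an extra NOTE saying which of the seven upstream commits are required for the fix and which are related follow-ups would help anyone backporting to older nettle versions.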