"Jayakumar, Jaikanth" jaikanth.jayakumar1@optum.com writes:
There is a small confusion, I believe the bug reported here (https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html) is related to CVE-2021-20305, right ? and this (CVE-2021-20305) is fixed in version 3.7.2.
Which *two* problems are you asking about? The problem referred to as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305 was fixed in nettle-3.7.2.
Then there was a different problem, in RSA decryption, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3580, fixed in nettle-3.7.3.
In the case it is the same, it would help big time if the CVE was mentioned somewhere in the bug announcement thread.
I'll try to remember to mention relevant CVE ids in future release announcements. Would help to also document in the NEWS file?
Regards, /Niels
nettle-bugs@lists.lysator.liu.se