PublicDateAtUSN: 2019-10-14 00:00:00 UTC
Candidate: CVE-2019-14853
PublicDate: 2019-11-26 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14853
 https://github.com/warner/python-ecdsa/pull/115
 https://github.com/warner/python-ecdsa/pull/124
 https://ubuntu.com/security/notices/USN-4196-1
Description:
 An error-handling flaw was found in python-ecdsa before version 0.13.3.
 During signature decoding, malformed DER signatures could raise unexpected
 exceptions (or no exceptions at all), which could lead to a denial of
 service.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/warner/python-ecdsa/issues/114
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_python-ecdsa:
 upstream: https://github.com/warner/python-ecdsa/commit/b0ea52bb3aa9a16c9a4a91fdc0041edbfed10b31
 upstream: https://github.com/warner/python-ecdsa/commit/20b377491e2d759a3f47eb7aedba41292cc82238
 upstream: https://github.com/warner/python-ecdsa/commit/897178ca093282979ff19cc4035eadbc30ac0d23
 upstream: https://github.com/warner/python-ecdsa/commit/9080d1d5ac533da0de00466aaffb49bee808bb4e
 upstream: https://github.com/warner/python-ecdsa/commit/14abfe020d4907fd9849f269b98f5f8f1060366b (travis)
 upstream: https://github.com/warner/python-ecdsa/commit/563d2ee2c07e10ae4f77ccde4161d6a14c681b1b
 upstream: https://github.com/warner/python-ecdsa/commit/3427fa29f319b27898a28601955807abb44c0830
 upstream: https://github.com/warner/python-ecdsa/commit/99c907d7acc94da6685470328174ea7299863dfd
 upstream: https://github.com/warner/python-ecdsa/commit/b95be03d8540b3a088263cbb3a0a376a8a0efbd0 (travis)
 upstream: https://github.com/warner/python-ecdsa/commit/1eb2c0410b97ac5101b5db20e2924d79db3e8ec5
 upstream: https://github.com/warner/python-ecdsa/commit/5c4c74a454c852727ac3c0207a4010486dde1866 (all)
upstream_python-ecdsa: released (0.13.3-1)
precise/esm_python-ecdsa: DNE
trusty_python-ecdsa: ignored (out of standard support)
trusty/esm_python-ecdsa: DNE
xenial_python-ecdsa: released (0.13-2ubuntu0.16.04.1)
esm-infra/xenial_python-ecdsa: released (0.13-2ubuntu0.16.04.1)
bionic_python-ecdsa: released (0.13-2ubuntu0.18.04.1)
disco_python-ecdsa: released (0.13-3ubuntu0.1)
eoan_python-ecdsa: released (0.13.2-2ubuntu0.1)
devel_python-ecdsa: not-affected (0.13.3-1)