Package: dnsmasq Version: 2.80-1 Tags: upstream Severity: serious dnsmasq_ecdsa_verify() (in crypto.c) uses the addresses of nettle_secp_256r1 and nettle_secp_384r1 directly. As the comment in ecc-curve.h explains, "Due to ABI subtleties, applications should not refer to these directly, but use the below accessor functions." (nettle_get_secp_256r1() and nettle_get_secp_384r1().) Indeed, dnsmasq will fail to build with nettle 3.5.1.
-- Magnus Holmgren holmg...@debian.org Debian Developer
signature.asc
Description: This is a digitally signed message part.
