Source: libeddsa-java
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libeddsa-java.

CVE-2020-36843[0]:
| The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through
| 0.3.0 exhibits signature malleability and does not satisfy the
| SUF-CMA (Strong Existential Unforgeability under Chosen Message
| Attacks) property. This allows attackers to create new valid
| signatures different from previous signatures for a known message.

https://github.com/str4d/ed25519-java/pull/82

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-36843
    https://www.cve.org/CVERecord?id=CVE-2020-36843

Please adjust the affected versions in the BTS as needed.
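
Added example, not part of the report and not code from EdDSA-Java or the linked pull request: a caller-side pre-check that a consumer of an affected version could run before handing a signature to the verifier. It assumes the malleability is the standard Ed25519 one, where the S half of the signature is accepted without the range check against the group order L that RFC 8032 section 5.1.7 requires; the report itself does not state the mechanism. The class and method names are hypothetical.

```java
import java.math.BigInteger;

public final class Ed25519CanonicalS {
    // Order of the Ed25519 base-point subgroup (RFC 8032, section 5.1):
    // L = 2^252 + 27742317777372353535851937790883648493
    static final BigInteger L = BigInteger.ONE.shiftLeft(252)
            .add(new BigInteger("27742317777372353535851937790883648493"));

    /**
     * True only if sig is a 64-byte R || S encoding whose S half
     * (bytes 32..63, little-endian) satisfies 0 <= S < L.
     */
    static boolean hasCanonicalS(byte[] sig) {
        if (sig == null || sig.length != 64) {
            return false;
        }
        byte[] bigEndian = new byte[32];
        for (int i = 0; i < 32; i++) {
            bigEndian[i] = sig[63 - i]; // reverse little-endian S for BigInteger
        }
        return new BigInteger(1, bigEndian).compareTo(L) < 0;
    }

    // Constructed input: all-zero R half plus the given S. It is not a valid
    // signature; it only exercises the boundaries of the range check.
    static byte[] sampleWithS(BigInteger s) {
        byte[] be = s.toByteArray(); // big-endian, may carry a leading sign byte
        byte[] sig = new byte[64];
        for (int i = 0; i < be.length && i < 32; i++) {
            sig[32 + i] = be[be.length - 1 - i];
        }
        return sig;
    }

    public static void main(String[] args) {
        BigInteger max = BigInteger.ONE.shiftLeft(256).subtract(BigInteger.ONE);
        System.out.println("S = L - 1   : " + hasCanonicalS(sampleWithS(L.subtract(BigInteger.ONE))));
        System.out.println("S = L       : " + hasCanonicalS(sampleWithS(L)));
        System.out.println("S = 2^256-1 : " + hasCanonicalS(sampleWithS(max)));
        System.out.println("63 bytes    : " + hasCanonicalS(new byte[63]));
    }
}
```

Reject the signature when the check returns false, then run the library's normal verification. Independently of the fix, avoid using raw signature bytes as a unique identifier or deduplication key.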