Version in base suite: 1.0.18-1 Base version: libsodium_1.0.18-1 Target version: libsodium_1.0.18-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libsodium/libsodium_1.0.18-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libsodium/libsodium_1.0.18-1+deb13u1.dsc changelog | 7 +++++ patches/CVE-2025-69277.patch | 58 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 66 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp34n6bhcf/libsodium_1.0.18-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp34n6bhcf/libsodium_1.0.18-1+deb13u1.dsc: no acceptable signature found diff -Nru libsodium-1.0.18/debian/changelog libsodium-1.0.18/debian/changelog --- libsodium-1.0.18/debian/changelog 2019-08-18 11:58:00.000000000 +0000 +++ libsodium-1.0.18/debian/changelog 2026-01-01 09:36:18.000000000 +0000 @@ -1,3 +1,10 @@ +libsodium (1.0.18-1+deb13u1) trixie-security; urgency=medium + + * Backport security fix for CVE-2025-69277: mishandled checks for whether + an elliptic curve point is valid (closes: #1124374). + + -- Laszlo Boszormenyi (GCS) Thu, 01 Jan 2026 10:36:18 +0100 + libsodium (1.0.18-1) unstable; urgency=medium * New upstream release. diff -Nru libsodium-1.0.18/debian/patches/CVE-2025-69277.patch libsodium-1.0.18/debian/patches/CVE-2025-69277.patch --- libsodium-1.0.18/debian/patches/CVE-2025-69277.patch 1970-01-01 00:00:00.000000000 +0000 +++ libsodium-1.0.18/debian/patches/CVE-2025-69277.patch 2026-01-01 09:36:18.000000000 +0000 @@ -0,0 +1,58 @@ +From ad3004ec8731730e93fcfbbc824e67eadc1c1bae Mon Sep 17 00:00:00 2001 +From: Frank Denis +Date: Mon, 29 Dec 2025 23:22:15 +0100 +Subject: [PATCH] core_ed25519_is_valid_point: check Y==Z in addition to X==0 + +--- + src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c | 5 ++++- + test/default/core_ed25519.c | 7 ++++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c +index d3020132a1..4b824f6d94 100644 +--- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c ++++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c +@@ -992,10 +992,13 @@ int + ge25519_is_on_main_subgroup(const ge25519_p3 *p) + { + ge25519_p3 pl; ++ fe25519 t; + + ge25519_mul_l(&pl, p); + +- return fe25519_iszero(pl.X); ++ fe25519_sub(t, pl.Y, pl.Z); ++ ++ return fe25519_iszero(pl.X) & fe25519_iszero(t); + } + + int +diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c +index bc45749391..02f72bd681 100644 +--- a/test/default/core_ed25519.c ++++ b/test/default/core_ed25519.c +@@ -13,6 +13,10 @@ static const unsigned char max_canonical + 0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f + }; ++static const unsigned char not_main_subgroup_p[32] = { ++ 0x95, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, ++ 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99 ++}; + + static void + add_P(unsigned char * const S) +@@ -130,11 +134,12 @@ main(void) + assert(crypto_core_ed25519_is_valid_point(p) == 0); + + p[0] = 9; +- assert(crypto_core_ed25519_is_valid_point(p) == 1); ++ assert(crypto_core_ed25519_is_valid_point(p) == 0); + + assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1); + assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0); + assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0); ++ assert(crypto_core_ed25519_is_valid_point(not_main_subgroup_p) == 0); + + memcpy(p2, p, crypto_core_ed25519_BYTES); + add_P(p2); diff -Nru libsodium-1.0.18/debian/patches/series libsodium-1.0.18/debian/patches/series --- libsodium-1.0.18/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ libsodium-1.0.18/debian/patches/series 2026-01-01 09:36:18.000000000 +0000 @@ -0,0 +1 @@ +CVE-2025-69277.patch