Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't
match relevant entries.
The correct values were taken from the CVE db, by checking which CVEs
are relevant.
See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
New API:
-----------
- der.remove_implicit and der.encode_implicit for decoding and
encoding DER IMPLICIT values with custom tag values and arbitrary
classes
Bug fixes:
------------
- Minor fixes around arithmetic with curves that have non-prime order
(useful for experimentation, not practical deployments)
- Fix arithmetic to work with curves that have (0, 0) on the curve
- Fix canonicalization of signatures when s is just slightly
above half of curve order
Maintenance:
------------
- Dropped official support for Python 3.5 (again, issues with CI, support
for Python 2.6 and Python 2.7 is unchanged)
- Officially support Python 3.12 and 3.13 (add them to CI)
- Removal of few more unnecessary six.b literals (Alexandre Detiste)
- Fix typos in warning messages
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
