Overview

File thunderbird-fix-CVE-2024-34703.patch of Package MozillaThunderbird

https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a

diff --git a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
index bb60bacf7ba..214751b4eb0 100644
--- a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
@@ -334,8 +334,11 @@ std::shared_ptr<EC_Group_Data> EC_Group::BER_decode_EC_group(const uint8_t bits[
          .end_cons()
          .verify_end();
 
-      if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p))
-         throw Decoding_Error("Invalid ECC p parameter");
+      if(p.bits() < 112 || p.bits() > 1024)
+         throw Decoding_Error("ECC p parameter is invalid size");
+
+      if(p.is_negative() || !is_bailie_psw_probable_prime(p))
+         throw Decoding_Error("ECC p parameter is not a prime");
 
       if(a.is_negative() || a >= p)
          throw Decoding_Error("Invalid ECC a parameter");
openSUSE Build Service is sponsored by
Places