| ▲ | CiPHPerCoder 16 hours ago | |||||||
This also affected the PHP library, sodium_compat. https://github.com/FriendsOfPHP/security-advisories/pull/756 I'm planning to spend my evening checking every other Ed25519 implementation I can find to see if this check is missing any where else in the open source ecosystem. | ||||||||
| ▲ | CiPHPerCoder 13 hours ago | parent | next [-] | |||||||
I found several libraries that simply didn't implement the check, but none that implemented in incorrectly in the same way as the vulnerability discussed above. If you didn't receive an email from me, either your implementation isn't listed on https://ianix.com/pub/ed25519-deployment.html, I somehow missed it, or you're safe. | ||||||||
| ||||||||
| ▲ | hu3 14 hours ago | parent | prev [-] | |||||||
Thank you for your work on open source. | ||||||||