Commit Graph

6 Commits

Author SHA1 Message Date
Martin Weinelt
4630fcf686
botan2: 2.9.0 -> 2.17.2
In botan 2.11.0 the upstream switched to tar.xz archives. To continue
supporting botan1 the source package extension can now be overriden from
within the specialized package.

Addresses two advisories, neither of which received a CVE:
- 2020-07-05: Failure to enforce name constraints on alternative names
- 2020-03-24: Side channel during CBC padding
2020-11-30 19:35:13 +01:00
Red Davies
93b523d030 botan2: update 2.7.0 -> 2.9.0
Fixes:
CVE-2018-12435: requires >= 2.7.0 (NVD extry is incorrect)
"Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected."
A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key.

CVE-2018-20187: requires >= 2.9.0
"Introduced in 1.11.20, fixed in 2.8.0."
A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise.
2020-11-24 14:11:14 -05:00
leenaars
584561bb06 botan: 2.6.0 -> 2.7.0 (#43223) 2018-07-09 12:52:38 +02:00
Michael Raskin
8b62a1b4b1 botan2: 2.3 -> 2.6 2018-05-02 02:46:52 +02:00
Franz Pletz
acc8d160f0
botan2: 2.0.1 -> 2.3.0 for CVE-2017-14737 2017-10-24 14:21:07 +02:00
Michael Raskin
6962e84b8d botan2: init at 2.0.1 2017-03-09 18:47:37 +01:00