Created attachment 201121 [details] Update to botan2 2.9.0 This update fixes the following security advisory: - CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key. Full changelog: https://botan.randombit.net/news.html#version-2-9-0-2019-01-04
Created attachment 201122 [details] VuXML entry for security/botan2 describing CVE-2018-20187
A commit references this bug: Author: tcberner Date: Sun Jan 27 09:58:18 UTC 2019 New revision: 491336 URL: https://svnweb.freebsd.org/changeset/ports/491336 Log: security/vuxml: Document security/botan2 vulnerability PR: 234938 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: tcberner Date: Sun Jan 27 10:39:54 UTC 2019 New revision: 491339 URL: https://svnweb.freebsd.org/changeset/ports/491339 Log: security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187) PR: 234938 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2019Q1 Security: d8e7e854-17fa-11e9-bef6-6805ca2fa271 Changes: head/editors/encryptpad/Makefile head/security/botan2/Makefile head/security/botan2/distinfo head/security/botan2/pkg-plist
A commit references this bug: Author: tcberner Date: Sun Jan 27 13:55:08 UTC 2019 New revision: 491351 URL: https://svnweb.freebsd.org/changeset/ports/491351 Log: MFH: r491339 security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187) PR: 234938 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) Security: d8e7e854-17fa-11e9-bef6-6805ca2fa271 Approved by: ports-secteam (miwi) Changes: _U branches/2019Q1/ branches/2019Q1/editors/encryptpad/Makefile branches/2019Q1/security/botan2/Makefile branches/2019Q1/security/botan2/distinfo branches/2019Q1/security/botan2/pkg-plist