Bug 209594 - security/botan110: CVE-2016-2849
Summary: security/botan110: CVE-2016-2849
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Jason Unovitch
Keywords: needs-qa
Reported: 2016-05-18 02:10 UTC by Sevan Janiyan
Modified: 2016-06-14 01:50 UTC

vlad-fbsd: maintainer-feedback+
junovitch: merge-quarterly+


Attachments
Upgrade to 1.10.13 (1.60 KB, patch)
2016-06-13 15:00 UTC, Lapo Luchini

Description Sevan Janiyan 2016-05-18 02:10:19 UTC
Version in ports is vulnerable to a side channel attack addressed in 1.10.13
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2849
Comment 1 Lapo Luchini 2016-05-18 10:59:01 UTC
The 1.10.13 port is ready (it's actually just a bump), but I'm waiting for the formal upstream release in order to have an official source of the fixed bugs:
https://botan.randombit.net/news.html
Comment 2 Sevan Janiyan 2016-05-18 11:30:34 UTC
(In reply to Lapo Luchini from comment #1)
There was an announcement on the list
https://lists.randombit.net/pipermail/botan-devel/2016-April/002101.html
Comment 3 VK 2016-06-09 14:55:46 UTC
Guys, what's the status on this? Lapo, could you perhaps do the vuxml entry patch if the port update is not ready yet?
Comment 4 Lapo Luchini 2016-06-13 15:00:17 UTC
Created attachment 171388
Upgrade to 1.10.13
Comment 5 Lapo Luchini 2016-06-13 15:01:15 UTC
The port itself has been long ready, it's the VuXML which isn't yet.
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-06-14 01:49:47 UTC
A commit references this bug:

Author: junovitch
Date: Tue Jun 14 01:49:13 UTC 2016
New revision: 416873
URL: https://svnweb.freebsd.org/changeset/ports/416873

Log:
  security/botan110: update 1.10.12 -> 1.10.13

  PR:		209594
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Submitted by:	Lapo Luchini <lapo@lapo.it> (maintainer)
  Security:	CVE-2015-7827
  Security:	CVE-2016-2849
  Security:	https://vuxml.FreeBSD.org/freebsd/ac0900df-31d0-11e6-8e82-002590263bf5.html
  MFH:		2016Q2

Changes:
  head/security/botan110/Makefile
  head/security/botan110/distinfo
Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2016-06-14 01:50:18 UTC
Committed. Thanks!
Comment 8 commit-hook freebsd_committer freebsd_triage 2016-06-14 01:50:49 UTC
A commit references this bug:

Author: junovitch
Date: Tue Jun 14 01:50:34 UTC 2016
New revision: 416874
URL: https://svnweb.freebsd.org/changeset/ports/416874

Log:
  MFH: r416873

  security/botan110: update 1.10.12 -> 1.10.13

  PR:		209594
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Submitted by:	Lapo Luchini <lapo@lapo.it> (maintainer)
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2015-7827
  Security:	CVE-2016-2849
  Security:	https://vuxml.FreeBSD.org/freebsd/ac0900df-31d0-11e6-8e82-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/security/botan110/Makefile
  branches/2016Q2/security/botan110/distinfo