Created attachment 192444
Update to 2.6.0

Bugfixes and some new features. Most notable fix:

- CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs.

Full changelog: https://botan.randombit.net/news.html#version-2-6-0-2018-04-10

A commit references this bug:

Author: krion
Date: Thu Apr 12 11:51:30 UTC 2018
New revision: 467146
URL: https://svnweb.freebsd.org/changeset/ports/467146

Log:
  Update to 2.6.0

  Bugfixes and some new features. Most notable fix:

  - CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs.

  PR: 227455
  Submitted by: maintainer

Changes:
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist