Attachment 201122 Details for Bug 234938 – VuXML entry for security/botan2 describing CVE-2018-20187

[patch] VuXML entry for security/botan2 describing CVE-2018-20187

vuxml-1.1_3.diff (text/plain), 1.44 KB, created by Ralf van der Enden on 2019-01-14 13:21:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ralf van der Enden

Created: 2019-01-14 13:21:23 UTC

Size: 1.44 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 490248)
>+++ vuln.xml	(working copy)
>@@ -58,6 +58,36 @@
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="d8e7e854-17fa-11e9-bef6-6805ca2fa271">
>+ <topic>botan2 -- Side channel during ECC key generation</topic>
>+ <affects>
>+ <package>
>+	<name>botan2</name>
>+	<range><lt>2.9.0</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	botan2 developers reports:
>+	<blockquote cite="https://botan.randombit.net/security.html#id1">
>+	 A timing side channel during ECC key generation could leak information about the
>+		high bits of the secret scalar. Such information allows an attacker to perform a
>+		brute force attack on the key somewhat more efficiently than they would otherwise.
>+		Found by JÃ¡n JanÄÃ¡r using ECTester.
>+	 Bug introduced in 1.11.20, fixed in 2.9.0
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <url>https://botan.randombit.net/security.html#id1</url>
>+ <cvename>CVE-2018-20187</cvename>
>+ </references>
>+ <dates>
>+ <discovery>2018-12-17</discovery>
>+ <entry>2019-01-14</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="d38bbb79-14f3-11e9-9ce2-28d244aee256">
> <topic>irssi -- Use after free</topic>
> <affects>

Flags:

tremere: maintainer-approval+

Actions: View | Diff

Attachments on bug 234938: 201121 | 201122