Summary: | [maintainer-update] security/botan2: update to 2.6.0 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Ralf van der Enden <tremere> | ||||
Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | ||||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Ralf van der Enden
2018-04-12 07:34:50 UTC
A commit references this bug: Author: krion Date: Thu Apr 12 11:51:30 UTC 2018 New revision: 467146 URL: https://svnweb.freebsd.org/changeset/ports/467146 Log: Update to 2.6.0 Bugfixes and some new features. Most notable fix: - CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs. PR: 227455 Submitted by: maintainer Changes: head/security/botan2/Makefile head/security/botan2/distinfo head/security/botan2/pkg-plist |