Bug 227455

Summary: [maintainer-update] security/botan2: update to 2.6.0
Product: Ports & Packages
Reporter: Ralf van der Enden <tremere>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED
Severity: Affects Some People
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments:
  Description: Update to 2.6.0
  Flags: tremere: maintainer-approval+

Description Ralf van der Enden 2018-04-12 07:34:50 UTC
Created attachment 192444
Update to 2.6.0

Bugfixes and some new features. Most notable fix:
- CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs.

Full changelog:
https://botan.randombit.net/news.html#version-2-6-0-2018-04-10

Comment 1 commit-hook freebsd_committer freebsd_triage 2018-04-12 11:52:24 UTC
A commit references this bug:

Author: krion
Date: Thu Apr 12 11:51:30 UTC 2018
New revision: 467146
URL: https://svnweb.freebsd.org/changeset/ports/467146

Log:
  Update to 2.6.0

  Bugfixes and some new features. Most notable fix:
  - CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could
    for a malformed ciphertext cause the decryptor to read and HMAC an
    additional 64K bytes of data which is not part of the record. This
    could cause a crash if the read went into unmapped memory. No
    information leak or out of bounds write occurs.

  PR:		227455
  Submitted by:	maintainer

Changes:
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist