Bug 234938

Summary: security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)
Product: Ports & Packages
Reporter: Ralf van der Enden <tremere>
Component: Individual Port(s)
Assignee: Tobias C. Berner <tcberner>
Status: Closed FIXED
Severity: Affects Many People
CC: ports-secteam, tcberner
Priority: Normal
Keywords: security
Version: Latest
Flags: koobs: merge-quarterly?
Hardware: Any
OS: Any
URL: https://botan.randombit.net/news.html#version-2-9-0-2019-01-04
Attachments (description, flags):
- Update to botan2 2.9.0 (tremere: maintainer-approval+)
- VuXML entry for security/botan2 describing CVE-2018-20187 (tremere: maintainer-approval+)

Description Ralf van der Enden 2019-01-14 13:20:37 UTC
Created attachment 201121
Update to botan2 2.9.0

This update fixes the following security advisory:
- CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key.

Full changelog: https://botan.randombit.net/news.html#version-2-9-0-2019-01-04

Comment 1 Ralf van der Enden 2019-01-14 13:21:23 UTC
Created attachment 201122
VuXML entry for security/botan2 describing CVE-2018-20187

Comment 2 commit-hook freebsd_committer freebsd_triage 2019-01-27 09:59:05 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 09:58:18 UTC 2019
New revision: 491336
URL: https://svnweb.freebsd.org/changeset/ports/491336

Log:
  security/vuxml: Document security/botan2 vulnerability

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer freebsd_triage 2019-01-27 10:40:37 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 10:39:54 UTC 2019
New revision: 491339
URL: https://svnweb.freebsd.org/changeset/ports/491339

Log:
  security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  MFH:		2019Q1
  Security:	d8e7e854-17fa-11e9-bef6-6805ca2fa271

Changes:
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist

Comment 4 commit-hook freebsd_committer freebsd_triage 2019-01-27 13:55:27 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 13:55:08 UTC 2019
New revision: 491351
URL: https://svnweb.freebsd.org/changeset/ports/491351

Log:
  MFH: r491339

  security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  Security:	d8e7e854-17fa-11e9-bef6-6805ca2fa271

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/editors/encryptpad/Makefile
  branches/2019Q1/security/botan2/Makefile
  branches/2019Q1/security/botan2/distinfo
  branches/2019Q1/security/botan2/pkg-plist