Bug 234938 - security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)
Summary: security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Tobias C. Berner
URL: https://botan.randombit.net/news.html...
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-01-14 13:20 UTC by Ralf van der Enden
Modified: 2019-01-27 13:55 UTC

See Also:
koobs: merge-quarterly?


Attachments
Update to botan2 2.9.0 (2.04 KB, patch)
2019-01-14 13:20 UTC, Ralf van der Enden
tremere: maintainer-approval+
VuXML entry for security/botan2 describing CVE-2018-20187 (1.44 KB, patch)
2019-01-14 13:21 UTC, Ralf van der Enden
tremere: maintainer-approval+

Description Ralf van der Enden 2019-01-14 13:20:37 UTC
Created attachment 201121
Update to botan2 2.9.0

This update fixes the following security advisory:
- CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key.

Full changelog: https://botan.randombit.net/news.html#version-2-9-0-2019-01-04
Comment 1 Ralf van der Enden 2019-01-14 13:21:23 UTC
Created attachment 201122
VuXML entry for security/botan2 describing CVE-2018-20187
Comment 2 commit-hook freebsd_committer 2019-01-27 09:59:05 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 09:58:18 UTC 2019
New revision: 491336
URL: https://svnweb.freebsd.org/changeset/ports/491336

Log:
  security/vuxml: Document security/botan2 vulnerability

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2019-01-27 10:40:37 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 10:39:54 UTC 2019
New revision: 491339
URL: https://svnweb.freebsd.org/changeset/ports/491339

Log:
  security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  MFH:		2019Q1
  Security:	d8e7e854-17fa-11e9-bef6-6805ca2fa271

Changes:
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist
Comment 4 commit-hook freebsd_committer 2019-01-27 13:55:27 UTC
A commit references this bug:

Author: tcberner
Date: Sun Jan 27 13:55:08 UTC 2019
New revision: 491351
URL: https://svnweb.freebsd.org/changeset/ports/491351

Log:
  MFH: r491339

  security/botan2: Update to 2.9.0 (Fixes CVE-2018-20187)

  PR:		234938
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  Security:	d8e7e854-17fa-11e9-bef6-6805ca2fa271

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/editors/encryptpad/Makefile
  branches/2019Q1/security/botan2/Makefile
  branches/2019Q1/security/botan2/distinfo
  branches/2019Q1/security/botan2/pkg-plist