Date: Fri, 17 Aug 2018 21:07:32 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r477448 - head/security/vuxml Message-ID: <201808172107.w7HL7WGu064821@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Fri Aug 17 21:07:32 2018 New Revision: 477448 URL: https://svnweb.freebsd.org/changeset/ports/477448 Log: Document issue in security/botan2 PR: 230666 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Aug 17 19:45:55 2018 (r477447) +++ head/security/vuxml/vuln.xml Fri Aug 17 21:07:32 2018 (r477448) @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="7762d7ad-2e38-41d2-9785-c51f653ba8bd"> + <topic>botan2 -- ECDSA side channel</topic> + <affects> + <package> + <name>botan2</name> + <range><ge>2.5.0</ge><lt>2.7.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>botan2 developers report:</p> + <blockquote cite="https://botan.randombit.net/security.html#id1">; + <p>A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.</p> + <p>Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.</p> + </blockquote> + </body> + </description> + <references> + <url>https://botan.randombit.net/security.html#id1</url>; + <url>https://github.com/randombit/botan/pull/1604</url>; + <cvename>CVE-2018-12435</cvename> + </references> + <dates> + <discovery>2018-06-13</discovery> + <entry>2018-08-17</entry> + </dates> + </vuln> + <vuln vid="6905f05f-a0c9-11e8-8335-8c164535ad80"> <topic>jenkins -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808172107.w7HL7WGu064821>