Date: Wed, 30 Mar 2016 10:27:02 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 208393] [MAINTAINER] security/botan110: update to 1.10.12
Message-ID: <bug-208393-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208393

            Bug ID: 208393
           Summary: [MAINTAINER] security/botan110: update to 1.10.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: lapo@lapo.it

Update to 1.10.12

The library changes from .so.0.9 to .so.1.12, needs a bump on devel/monotone
(and probably all other dependencies).

As far as I can tell from <http://botan.randombit.net/security.html> upgrading
from previous 1.10.9 to this release fixes the following:

CVE-2016-2195: Heap overflow on invalid ECC point
Introduced in 1.9.18, fixed in 1.10.11

CVE-2016-2194: Infinite loop in modular square root algorithm
Introduced in 1.7.15, fixed in 1.10.11

CVE-2015-5726: Crash in BER decoder
Introduced in 1.10.0, fixed in 1.10.10

CVE-2015-5727: Excess memory allocation in BER decoder
Introduced in 1.10.0, fixed in 1.10.10

--
You are receiving this mail because:
You are the assignee for the bug.