Botan

buschmann23/Botan

SHA256

Fork 0

forked from pool/Botan

Commit Graph

Author	SHA256	Message	Date
Philipp Thomas	775d045da9	- Update to 1.10.14 * Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. (CVE-2016-9132) * Fix two cases where (in error situations) an exception would be thrown from a destructor, causing a call to std::terminate. * When RC4 is disabled in the build, also prevent it from being included in the OpenSSL provider. (GH #638) * Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849) * Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827) * Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62	2016-12-28 12:34:03 +00:00

Author

SHA256

Message

Date

Philipp Thomas

775d045da9

- Update to 1.10.14

* Fix integer overflow during BER decoding, found by Falko Strenzke.
      This bug is not thought to be directly exploitable but upgrading ASAP
      is advised. (CVE-2016-9132)
    * Fix two cases where (in error situations) an exception would be
      thrown from a destructor, causing a call to std::terminate.
    * When RC4 is disabled in the build, also prevent it from being
      included in the OpenSSL provider. (GH #638)
  * Use constant time modular inverse algorithm to avoid possible side 
    channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel
    attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was
    disabled. Gentoo bug 542010

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62

2016-12-28 12:34:03 +00:00

1 Commits