[Bug 208393] [MAINTAINER] security/botan110: update to 1.10.12
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Mar 30 10:27:02 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208393
Bug ID: 208393
Summary: [MAINTAINER] security/botan110: update to 1.10.12
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: lapo at lapo.it
Update to 1.10.12
The library changes from .so.0.9 to .so.1.12, needs a bump on devel/monotone
(and probably all other dependencies).
As far as I can tell from <http://botan.randombit.net/security.html> upgrading
from previous 1.10.9 to this release fixes the following:
CVE-2016-2195: Heap overflow on invalid ECC point
Introduced in 1.9.18, fixed in 1.10.11
CVE-2016-2194: Infinite loop in modular square root algorithm
Introduced in 1.7.15, fixed in 1.10.11
CVE-2015-5726: Crash in BER decoder
Introduced in 1.10.0, fixed in 1.10.10
CVE-2015-5727: Excess memory allocation in BER decoder
Introduced in 1.10.0, fixed in 1.10.10
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list