svn commit: r491336 - head/security/vuxml
Tobias C. Berner
tcberner at FreeBSD.org
Sun Jan 27 09:58:18 UTC 2019
Author: tcberner
Date: Sun Jan 27 09:58:17 2019
New Revision: 491336
URL: https://svnweb.freebsd.org/changeset/ports/491336
Log:
security/vuxml: Document security/botan2 vulnerability
PR: 234938
Submitted by: Ralf van der Enden <tremere at cainites.net> (maintainer)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Jan 27 09:49:57 2019 (r491335)
+++ head/security/vuxml/vuln.xml Sun Jan 27 09:58:17 2019 (r491336)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d8e7e854-17fa-11e9-bef6-6805ca2fa271">
+ <topic>botan2 -- Side channel during ECC key generation</topic>
+ <affects>
+ <package>
+ <name>botan2</name>
+ <range><lt>2.9.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>botan2 developers reports:</p>
+ <blockquote cite="https://botan.randombit.net/security.html#id1">
+ <p>A timing side channel during ECC key generation could leak information about the
+ high bits of the secret scalar. Such information allows an attacker to perform a
+ brute force attack on the key somewhat more efficiently than they would otherwise.
+ Found by Ján Jančár using ECTester.</p>
+ <p>Bug introduced in 1.11.20, fixed in 2.9.0</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://botan.randombit.net/security.html#id1</url>
+ <cvename>CVE-2018-20187</cvename>
+ </references>
+ <dates>
+ <discovery>2018-12-17</discovery>
+ <entry>2019-01-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="111aefca-2213-11e9-9c8d-6805ca0b3d42">
<topic>phpMyAdmin -- File disclosure and SQL injection</topic>
<affects>
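Review bot: The `<range>` in the new botan2 entry gives only `<lt>2.9.0</lt>`, while the quoted advisory in the same entry says the bug was introduced in 1.11.20. If the entry should match the advisory's stated window, add a lower bound such as `<ge>1.11.20</ge>`; if every version the botan2 port ever shipped is affected, the open lower bound is fine as it is. Two smaller points in the `<description>`: "botan2 developers reports:" should read "The botan2 developers report:", and the `#id1` fragment in the `cite` attribute and the `<url>` looks like a generated anchor, so a reference that does not depend on the page layout would be more durable alongside the `<cvename>`.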