diff options
| author | Jack Lloyd <[email protected]> | 2016-08-30 14:18:37 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2016-08-30 14:34:44 -0400 |
| commit | 5e946f93e8e751d2104f58583d4f209ca631aff1 (patch) | |
| tree | 4de1ca9691dbc077d1088ff8265f3431e540b347 | |
| parent | 394876f1332b3c351eb3a6a643fcafdad54fa5b4 (diff) | |
Update for 1.11.31 release1.11.31
| -rw-r--r-- | doc/news.rst | 2 | ||||
| -rw-r--r-- | doc/security.rst | 18 | ||||
| -rw-r--r-- | readme.rst | 6 |
3 files changed, 22 insertions, 4 deletions
diff --git a/doc/news.rst b/doc/news.rst index ca7686725..711f982a8 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -1,7 +1,7 @@ Release Notes ======================================== -Version 1.11.31, Not Yet Released +Version 1.11.31, 2016-08-30 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fix undefined behavior in Curve25519 on platforms without a native 128-bit diff --git a/doc/security.rst b/doc/security.rst index 23b46f30d..6223943e0 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -19,6 +19,24 @@ Advisories 2016 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* 2016-08-30 (CVE-2016-6878) Undefined behavior in Curve25519 + + On systems without a native 128-bit integer type, the Curve25519 code invoked + undefined behavior. This was known to produce incorrect results on 32-bit ARM + when compiled by Clang. + + Introduced in 1.11.12, fixed in 1.11.31 + +* 2016-08-30 (CVE-2016-6879) Bad result from X509_Certificate::allowed_usage + + If allowed_usage was called with more than one Key_Usage set in the enum + value, the function would return true if *any* of the allowed usages were set, + instead of if *all* of the allowed usages are set. This could be used to + bypass an application key usage check. Credit to Daniel Neus of Rohde & + Schwarz Cybersecurity for finding this issue. + + Introduced in 1.11.0, fixed in 1.11.31 + * 2016-03-17 (CVE-2016-2849): ECDSA side channel ECDSA (and DSA) signature algorithms perform a modular inverse on the diff --git a/readme.rst b/readme.rst index 2f6134ba8..35f58d159 100644 --- a/readme.rst +++ b/readme.rst @@ -100,9 +100,9 @@ Versions 1.11 and later require a working C++11 compiler; GCC 4.8 and later, Clang 3.4 and later, and MSVC 2013 are regularly tested. The latest development release is -`1.11.30 <http://botan.randombit.net/releases/Botan-1.11.30.tgz>`_ -`(sig) <http://botan.randombit.net/releases/Botan-1.11.30.tgz.asc>`_ -released on 2016-06-19 +`1.11.31 <http://botan.randombit.net/releases/Botan-1.11.31.tgz>`_ +`(sig) <http://botan.randombit.net/releases/Botan-1.11.31.tgz.asc>`_ +released on 2016-08-30 Old Stable Series (1.10) ---------------------------------------- |