author | Jack Lloyd <[email protected]> | 2018-06-15 12:49:06 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-06-15 12:50:15 -0400 |
commit | c6c78fe6835802095bd615a033da915bd25bad49 | |
tree | 3f845d197427f62d7e94a37fa4f84fbcd50946c1 | |
parent | ae9b7e89cf9b550e25f8eefa64d0b2733ff6f82e | |
Use Botan specific CVE for ECDSA side channel [ci skip]
-rw-r--r-- | doc/security.rst | 5 |
-rw-r--r-- | news.rst | 2 |
2 files changed, 3 insertions, 4 deletions
diff --git a/doc/security.rst b/doc/security.rst index cd84997cc..07292132a 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -18,13 +18,12 @@ https://keybase.io/jacklloyd and on most PGP keyservers. 2018 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* 2018-06-13 (CVE-2018-0495): ECDSA side channel +* 2018-06-13 (CVE-2018-12435): ECDSA side channel A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group. - Fixed in 2.7.0. Due to a slight difference in code structure, versions before - 2.5.0 are not affected by this issue. + Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected. * 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption @@ -4,7 +4,7 @@ Release Notes Version 2.7.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* CVE-2018-0495 Avoid a side channel in ECDSA signature generation (GH #1604) +* CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH #1604) * Avoid a side channel in RSA key generation due to use of a non-constant time gcd algorithm. (GH #1542 #1556) |
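Review bot: In the doc/security.rst hunk, the 2018-06-13 entry now carries only CVE-2018-12435 and drops CVE-2018-0495 without leaving a trace of it. The entry is dated 2018-06-13 and this commit is from 2018-06-15, so the old identifier may already have been recorded by people tracking this advisory, and they can no longer match it to the entry. Consider keeping a short cross-reference in the entry, for example "(previously listed as CVE-2018-0495)", next to the new id.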
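Review bot: In the news.rst hunk, the 2.7.0 release note line gets the new CVE id but still gives no affected version range, while doc/security.rst in the same commit now states "Bug introduced in 2.5.0, fixed in 2.7.0". Adding "(introduced in 2.5.0)" to the news line would keep the two files consistent and let readers of the release notes tell whether they need this upgrade without cross-checking the security page.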