author: Jack Lloyd <[email protected]> 2015-10-15 12:35:53 -0400
committer: Jack Lloyd <[email protected]> 2015-10-15 12:35:53 -0400
commit: ecd6d9de95fceba95aaf6e93a0543b05ef6a8369
tree: 5e8f2ecad3640574b14fb3a5ba5dc350cce7b3a5
parent: 7335eefcf419a2ab7a770c3aa6fbb06956891bad
Add security notifications/advisory page to website.
Based on GH #272
-rw-r--r--  doc/pgpkey.txt         55
-rw-r--r--  doc/security.rst       51
-rwxr-xr-x  src/scripts/website.sh  4
3 files changed, 108 insertions, 2 deletions
diff --git a/doc/pgpkey.txt b/doc/pgpkey.txt
index e4b5a83f3..dc0807907 100644
--- a/doc/pgpkey.txt
+++ b/doc/pgpkey.txt
@@ -35,3 +35,58 @@ AAoJEKY/LL36AvvMgsoAn2G7kXd09BF7ffk1Sfh174SVrvM9AKC7+R7x0+yV3SCd
JkkUOo3xR5cOxw==
=1QuR
-----END PGP PUBLIC KEY BLOCK-----
+
+This key can be used to contact the primary maintainer:
+
+pub rsa3072/57123B60 2015-03-23
+ Key fingerprint = 4E60 C735 51AF 2188 DF0A 5A62 78E9 8043 5712 3B60
+ uid Jack Lloyd <[email protected]>
+
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+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+=o8bh
+-----END PGP PUBLIC KEY BLOCK-----
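Review bot: The added sentence "This key can be used to contact the primary maintainer:" sits between the END marker of the key that was already in pgpkey.txt and the BEGIN marker of the new one, so a reader cannot tell which of the two keys it refers to; write "The following key can be used to contact the primary maintainer:" and add a line saying whether the earlier key in this file remains in use. The three lines `pub rsa3072/57123B60 2015-03-23` / `Key fingerprint = 4E60 C735 ...` / `uid Jack Lloyd <...>` are also repeated verbatim in doc/security.rst in this same commit; keeping one authoritative copy (or pointing security.rst at pgpkey.txt) avoids the two drifting apart after a key rotation. The two consecutive blank lines before the new BEGIN marker can be collapsed to one.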
diff --git a/doc/security.rst b/doc/security.rst
new file mode 100644
index 000000000..4b36fa717
--- /dev/null
+++ b/doc/security.rst
@@ -0,0 +1,51 @@
+
+Security
+========================================
+
+If you think you have found a security bug in Botan please contact
+Jack Lloyd ([email protected]). If you would like to encrypt your
+mail please use::
+
+ pub rsa3072/57123B60 2015-03-23
+ Key fingerprint = 4E60 C735 51AF 2188 DF0A 5A62 78E9 8043 5712 3B60
+ uid Jack Lloyd <[email protected]>
+
+This key can be found in the file `pgpkey.txt` or online at
+https://keybase.io/jacklloyd and on most PGP keyservers.
+
+Advisories
+----------------------------------------
+
+2015
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* 2015-08-03 (CVE-2015-5726)
+
+ The BER decoder would crash due to reading from offset 0 of an empty vector if
+ it encountered a BIT STRING which did not contain any data at all. This can be
+ used to easily crash applicatons reading untrusted ASN.1 data, but does not
+ seem exploitable for code execution. Found with afl.
+
+ Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
+
+* 2015-08-03 (CVE-2015-5727)
+
+ The BER decoder would allocate a fairly arbitrary amount of memory in a length
+ field, even if there was no chance the read request would succeed. This might
+ cause the process to run out of memory or invoke the OOM killer. Found with afl.
+
+ Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
+
+2014
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* 2014-04-10 (CVE-2014-9742)
+
+ A bug in the Miller-Rabin primality test resulted in only a single random base
+ being used instead of a sequence of such bases. This increased the probability
+ that a non-prime would be accepted by is_prime or that a randomly generated
+ prime might actually be composite. The probability of a random 1024 bit
+ number being incorrectly classed as prime with a single base is around 2^-40.
+ Reported by Jeff Marrison.
+
+ Fixed in 1.11.9 and 1.10.8, affected all versions since 1.8.3
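Review bot: In "This key can be found in the file `pgpkey.txt` or online at", single backticks are reStructuredText interpreted text (rendered through the default role), not a literal; since this file is fed to sphinx-build it should read ``pgpkey.txt``. Two smaller points in the same hunk: the CVE-2015-5726 entry spells "applicatons" for "applications", and the three "Fixed in ..." lines end without a period while the surrounding paragraphs do. The file also opens with an empty line before the "Security" title, which can be dropped.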
diff --git a/src/scripts/website.sh b/src/scripts/website.sh
index 525b2fcca..5b7e1c6cb 100755
--- a/src/scripts/website.sh
+++ b/src/scripts/website.sh
@@ -12,8 +12,8 @@ rm -rf $WEBSITE_SRC_DIR $WEBSITE_DIR
mkdir -p $WEBSITE_SRC_DIR
cp readme.rst $WEBSITE_SRC_DIR/index.rst
-cp -r doc/news.rst $WEBSITE_SRC_DIR
-echo -e ".. toctree::\n\n index\n news\n" > $WEBSITE_SRC_DIR/contents.rst
+cp -r doc/news.rst doc/security.rst $WEBSITE_SRC_DIR
+echo -e ".. toctree::\n\n index\n news\n security\n" > $WEBSITE_SRC_DIR/contents.rst
sphinx-build -t website -c "$SPHINX_CONFIG" -b "$SPHINX_BUILDER" $WEBSITE_SRC_DIR $WEBSITE_DIR
sphinx-build -t website -c "$SPHINX_CONFIG" -b "$SPHINX_BUILDER" doc/manual $WEBSITE_DIR/manual
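Review bot: doc/security.rst, added in this same commit, tells the reader "This key can be found in the file `pgpkey.txt`", but the new line `cp -r doc/news.rst doc/security.rst $WEBSITE_SRC_DIR` copies only news.rst and security.rst, so on the generated website that reference points at a file that is not there; either copy doc/pgpkey.txt alongside (and make sure the Sphinx build carries it through) or have security.rst rely on the keybase/keyserver link alone. Separately, `echo -e` is not POSIX and behaves differently under dash and other sh implementations; `printf '.. toctree::\n\n index\n news\n security\n' > $WEBSITE_SRC_DIR/contents.rst` is the portable form. `$WEBSITE_SRC_DIR` is unquoted on both touched lines, which is pre-existing but cheap to fix while the lines are being rewritten.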