Use Botan specific CVE for ECDSA side channel [ci skip]

author: Jack Lloyd <[email protected]> 2018-06-15 12:49:06 -0400
committer: Jack Lloyd <[email protected]> 2018-06-15 12:50:15 -0400
commit: c6c78fe6835802095bd615a033da915bd25bad49 (patch)
tree: 3f845d197427f62d7e94a37fa4f84fbcd50946c1 /doc/security.rst
parent: ae9b7e89cf9b550e25f8eefa64d0b2733ff6f82e (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/doc/security.rst b/doc/security.rst
index cd84997cc..07292132a 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,13 +18,12 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
 2018
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* 2018-06-13 (CVE-2018-0495): ECDSA side channel
+* 2018-06-13 (CVE-2018-12435): ECDSA side channel
 
   A side channel in the ECDSA signature operation could allow a local attacker
   to recover the secret key. Found by Keegan Ryan of NCC Group.
 
-  Fixed in 2.7.0. Due to a slight difference in code structure, versions before
-  2.5.0 are not affected by this issue.
+  Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.
 
 * 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption
author	Jack Lloyd <[email protected]>	2018-06-15 12:49:06 -0400
committer	Jack Lloyd <[email protected]>	2018-06-15 12:50:15 -0400
commit	c6c78fe6835802095bd615a033da915bd25bad49 (patch)
tree	3f845d197427f62d7e94a37fa4f84fbcd50946c1 /doc/security.rst
parent	ae9b7e89cf9b550e25f8eefa64d0b2733ff6f82e (diff)