diff options
-rw-r--r-- | news.rst | 8 | ||||
-rw-r--r-- | readme.rst | 6 |
2 files changed, 10 insertions, 4 deletions
@@ -1,9 +1,15 @@ Release Notes ======================================== -Version 2.6.0, Not Yet Released +Version 2.6.0, 2018-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could + for a malformed ciphertext cause the decryptor to read and HMAC an + additional 64K bytes of data which is not part of the record. This + could cause a crash if the read went into unmapped memory. No + information leak or out of bounds write occurs. + * Add support for OAEP labels (GH #1508) * RSA signing is about 15% faster (GH #1523) and RSA verification is diff --git a/readme.rst b/readme.rst index 3357c3a67..e4189dacf 100644 --- a/readme.rst +++ b/readme.rst @@ -105,9 +105,9 @@ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a quarterly basis. The latest 2.x release is -`2.5.0 <https://botan.randombit.net/releases/Botan-2.5.0.tgz>`_ -`(sig) <https://botan.randombit.net/releases/Botan-2.5.0.tgz.asc>`_ -released on 2018-04-02 +`2.6.0 <https://botan.randombit.net/releases/Botan-2.6.0.tgz>`_ +`(sig) <https://botan.randombit.net/releases/Botan-2.6.0.tgz.asc>`_ +released on 2018-04-10 Old Release ---------------------------------------- |