aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--news.rst8
-rw-r--r--readme.rst6
2 files changed, 10 insertions, 4 deletions
diff --git a/news.rst b/news.rst
index 73f691462..29eae9cff 100644
--- a/news.rst
+++ b/news.rst
@@ -1,9 +1,15 @@
Release Notes
========================================
-Version 2.6.0, Not Yet Released
+Version 2.6.0, 2018-04-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could
+ for a malformed ciphertext cause the decryptor to read and HMAC an
+ additional 64K bytes of data which is not part of the record. This
+ could cause a crash if the read went into unmapped memory. No
+ information leak or out of bounds write occurs.
+
* Add support for OAEP labels (GH #1508)
* RSA signing is about 15% faster (GH #1523) and RSA verification is
diff --git a/readme.rst b/readme.rst
index 3357c3a67..e4189dacf 100644
--- a/readme.rst
+++ b/readme.rst
@@ -105,9 +105,9 @@ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a
quarterly basis.
The latest 2.x release is
-`2.5.0 <https://botan.randombit.net/releases/Botan-2.5.0.tgz>`_
-`(sig) <https://botan.randombit.net/releases/Botan-2.5.0.tgz.asc>`_
-released on 2018-04-02
+`2.6.0 <https://botan.randombit.net/releases/Botan-2.6.0.tgz>`_
+`(sig) <https://botan.randombit.net/releases/Botan-2.6.0.tgz.asc>`_
+released on 2018-04-10
Old Release
----------------------------------------