aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/news.rst14
-rw-r--r--doc/security.rst8
-rw-r--r--readme.rst12
3 files changed, 24 insertions, 10 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 2effcf0fd..b2757a2a8 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -1,9 +1,21 @@
Release Notes
========================================
-Version 1.11.27, Not Yet Released
+Version 1.11.27, 2016-02-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* SECURITY: Avoid heap overflow in ECC point decoding. This could
+ likely result in remote code execution. CVE-2016-2195
+
+* SECURITY: Avoid one word heap overflow in P-521 reduction function.
+ This could potentially lead to remote code execution or other
+ attack. CVE-2016-2196.
+
+* SECURITY: Avoid infinite or near-infinite loop during modular square
+ root algorithm with invalid inputs. CVE-2016-2194
+
+* Add Blake2b hash function. GH #413
+
* Use m_ prefix on all member variables. GH #398 and #407
* Use final qualifier on many classes. GH #408
diff --git a/doc/security.rst b/doc/security.rst
index 2552d6751..4f18381d6 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -19,12 +19,14 @@ Advisories
2016
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* 2016-06-01 (CVE-2016-2196): Overwrite in P-521 reduction
+* 2016-02-01 (CVE-2016-2196): Overwrite in P-521 reduction
The P-521 reduction function would overwrite zero to one word
following the allocated block. This could potentially result
in remote code execution or a crash. Found with AFL
+ Introduced in 1.11.10, fixed in 1.11.27
+
* 2016-02-01 (CVE-2016-2195): Heap overflow on invalid ECC point
The PointGFp constructor did not check that the affine coordinate
@@ -49,7 +51,7 @@ Advisories
Found by Alex Gaynor fuzzing with AFL
- Versions affected: all before 1.11.27 and 1.10.11
+ Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
* 2016-02-01 (CVE-2016-2194): Infinite loop in modulur square root algorithm
@@ -60,7 +62,7 @@ Advisories
This function is exposed to attacker controlled input via the OS2ECP
function during ECC point decompression. Found by AFL
- Versions affected: all before 1.11.27 and 1.10.11
+ Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
2015
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/readme.rst b/readme.rst
index 5b121e101..0fce10b25 100644
--- a/readme.rst
+++ b/readme.rst
@@ -105,9 +105,9 @@ later, Clang 3.4 and later, and MSVC 2013 are regularly tested.
A new development release is made on the first Monday of every month.
The latest development release is
-`1.11.26 <http://botan.randombit.net/releases/Botan-1.11.26.tgz>`_
-`(sig) <http://botan.randombit.net/releases/Botan-1.11.26.tgz.asc>`_
-released on 2016-01-04
+`1.11.27 <http://botan.randombit.net/releases/Botan-1.11.27.tgz>`_
+`(sig) <http://botan.randombit.net/releases/Botan-1.11.27.tgz.asc>`_
+released on 2016-02-01
Old Stable Series (1.10)
----------------------------------------
@@ -117,9 +117,9 @@ and is the most commonly packaged version. It is still supported for
security patches, but all development efforts are focused on 1.11.
The latest 1.10 release is
-`1.10.10 <http://botan.randombit.net/releases/Botan-1.10.10.tgz>`_
-`(sig) <http://botan.randombit.net/releases/Botan-1.10.10.tgz.asc>`_
-released on 2015-08-03
+`1.10.11 <http://botan.randombit.net/releases/Botan-1.10.11.tgz>`_
+`(sig) <http://botan.randombit.net/releases/Botan-1.10.11.tgz.asc>`_
+released on 2016-02-01
Books and other resources
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^