From c6c78fe6835802095bd615a033da915bd25bad49 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Fri, 15 Jun 2018 12:49:06 -0400
Subject: Use Botan specific CVE for ECDSA side channel [ci skip]

---
 doc/security.rst | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'doc/security.rst')

diff --git a/doc/security.rst b/doc/security.rst
index cd84997cc..07292132a 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,13 +18,12 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
 2018
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* 2018-06-13 (CVE-2018-0495): ECDSA side channel
+* 2018-06-13 (CVE-2018-12435): ECDSA side channel
 
   A side channel in the ECDSA signature operation could allow a local attacker
   to recover the secret key. Found by Keegan Ryan of NCC Group.
 
-  Fixed in 2.7.0. Due to a slight difference in code structure, versions before
-  2.5.0 are not affected by this issue.
+  Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.
 
 * 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption
 
-- 
cgit v1.2.3