Message ID | 20221206221221.1355052-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Series | [1/1] package/botan: security bump to version 2.19.3 |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

> Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP
> responses due to a certificate verification error. This issue was
> introduced in Botan 1.11.34 (November 2016).
> https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
> https://github.com/randombit/botan/blob/2.19.3/news.rst
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
>> Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP
>> responses due to a certificate verification error. This issue was
>> introduced in Botan 1.11.34 (November 2016).
>> https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
>> https://github.com/randombit/botan/blob/2.19.3/news.rst
>> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

> Committed, thanks.

Committed to 2022.11.x and 2022.02.x, thanks.
diff --git a/package/botan/botan.hash b/package/botan/botan.hash index d768c669ea..64da04415e 100644 --- a/package/botan/botan.hash +++ b/package/botan/botan.hash @@ -1,4 +1,4 @@ # From https://botan.randombit.net/releases/sha256sums.txt -sha256 3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75 Botan-2.19.2.tar.xz +sha256 dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55 Botan-2.19.3.tar.xz # Locally computed sha256 472faf6d2231130382779f96de506be19296473750356449fc426ddc9cb03b50 license.txt diff --git a/package/botan/botan.mk b/package/botan/botan.mk index b0ebe594b1..59fbc950b0 100644 --- a/package/botan/botan.mk +++ b/package/botan/botan.mk @@ -4,7 +4,7 @@ # ################################################################################ -BOTAN_VERSION = 2.19.2 +BOTAN_VERSION = 2.19.3 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz BOTAN_SITE = http://botan.randombit.net/releases BOTAN_LICENSE = BSD-2-Clause
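Review bot: in the botan.mk hunk, the unchanged context line `BOTAN_SITE = http://botan.randombit.net/releases` still fetches the tarball over plain HTTP, while the comment in botan.hash takes the checksum from https://botan.randombit.net/releases/sha256sums.txt. The sha256 pinned in botan.hash still rejects a tampered download, but since this is a security bump it would be worth switching BOTAN_SITE to https, here or in a follow-up patch, so the tarball and its checksum list come from the same authenticated origin.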
Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP
responses due to a certificate verification error. This issue was
introduced in Botan 1.11.34 (November 2016).

https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
https://github.com/randombit/botan/blob/2.19.3/news.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/botan/botan.hash | 2 +-
 package/botan/botan.mk | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)