680830 – dev-libs/botan-2.9.0 version bump

Bug 680830 - dev-libs/botan-2.9.0 version bump

Summary: dev-libs/botan-2.9.0 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Jack Lloyd

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-03-18 07:09 UTC by cyberbat
Modified:	2019-03-18 18:42 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description cyberbat 2019-03-18 07:09:41 UTC

https://botan.randombit.net/news.html
CVE-2018-20187: Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key.

bump from 2.8.0 and removing the only patch file works here

Comment 1 Larry the Git Cow gentoo-dev

2019-03-18 18:42:14 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01b1039a8b8f184410573fa502b12afc58c74ee5

commit 01b1039a8b8f184410573fa502b12afc58c74ee5
Author:     Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2019-03-18 18:41:01 +0000
Commit:     Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2019-03-18 18:42:03 +0000

    dev-libs/botan: verison bump
    
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=680830
    Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11

 dev-libs/botan/Manifest           |  1 +
 dev-libs/botan/botan-2.9.0.ebuild | 99 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)