https://botan.randombit.net/news.html CVE-2018-20187: Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key. bump from 2.8.0 and removing the only patch file works here
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01b1039a8b8f184410573fa502b12afc58c74ee5 commit 01b1039a8b8f184410573fa502b12afc58c74ee5 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-03-18 18:41:01 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-03-18 18:42:03 +0000 dev-libs/botan: verison bump Closes: https://bugs.gentoo.org/show_bug.cgi?id=680830 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 dev-libs/botan/Manifest | 1 + dev-libs/botan/botan-2.9.0.ebuild | 99 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+)