Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 881529 (CVE-2022-43705) - <dev-libs/botan-2.19.3: OCSP response falsification
Summary: <dev-libs/botan-2.19.3: OCSP response falsification
Status: IN_PROGRESS
Alias: CVE-2022-43705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/randombit/botan/se...
Whiteboard: A4 [glsa? cleanup]
Keywords:
Depends on: 885509
Blocks:
  Show dependency tree
 
Reported: 2022-11-16 17:24 UTC by John Helmert III
Modified: 2022-12-13 21:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 17:24:35 UTC
"Botan 2.19.3 has been released today fixing a security issue when
verifying OCSP responses. It is possible for a malicious responder to
falsify a OCSP response - notably this vulnerability also affects
stapled OCSP responses in TLS."
Comment 1 Larry the Git Cow gentoo-dev 2022-11-17 01:06:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9841574e46260f409c25aea7c4b7a95bc1aad1d4

commit 9841574e46260f409c25aea7c4b7a95bc1aad1d4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-11-17 01:01:46 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-11-17 01:01:46 +0000

    dev-libs/botan: add 2.19.3
    
    Bug: https://bugs.gentoo.org/881529
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/Manifest            |   2 +
 dev-libs/botan/botan-2.19.3.ebuild | 180 +++++++++++++++++++++++++++++++++++++
 2 files changed, 182 insertions(+)