FEDORA-2016-1b64186cbd

security update in Fedora 23 for botan

Status: obsolete

Botan 1.10.14

  • NOTE WELL: Botan 1.10.x is supported for security patches only until 2017-12-31
  • Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. (CVE-2016-9132)
  • Fix two cases where (in error situations) an exception would be thrown from a destructor, causing a call to std::terminate.
  • When RC4 is disabled in the build, also prevent it from being included in the OpenSSL provider. (GH #638)

Comments 3

This update has been submitted for testing by thm.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

Content Type: RPM
Status: obsolete
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago; in testing 2 years ago

Related Bugs 2

  • #1400894 CVE-2016-9132 botan: Integer overflow in BER decoder
  • #1400895 CVE-2016-9132 botan: Integer overflow in BER decoder [fedora-all]
