[prev in list] [next in list] [prev in thread] [next in thread] 

List:       botan-devel
Subject:    [botan-devel] Botan 1.10.12 released
From:       "Jack Lloyd" <lloyd () randombit ! net>
Date:       2016-02-03 9:00:12
Message-ID: 20160203090012.GA12076 () randombit ! net
[Download RAW message or body]


Remi Gacogne pointed out that the fix in 1.10.11 for CVE-2016-2195 was
not quite right; the check in PointGFp intended to check that x and y
were less than the prime instead checked x twice.

However, don't panic: the overflow cannot occur in 1.10.11 because of
an additional length check in the multiplication function itself which
was added at the same time. So I don't believe there are any security
implications to this missing check. Nonetheless to avoid confusion and
out of an abundance of caution I have released 1.10.12 which has the
correction.

SHA-256 affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27

https://botan.randombit.net/releases/Botan-1.10.12.tgz
https://botan.randombit.net/releases/Botan-1.10.12.tgz.asc

Jack
_______________________________________________
botan-devel mailing list
botan-devel@randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic