[prev in list] [next in list] [prev in thread] [next in thread]
List: botan-devel
Subject: [botan-devel] Botan 1.10.12 released
From: "Jack Lloyd" <lloyd () randombit ! net>
Date: 2016-02-03 9:00:12
Message-ID: 20160203090012.GA12076 () randombit ! net
[Download RAW message or body]
Remi Gacogne pointed out that the fix in 1.10.11 for CVE-2016-2195 was
not quite right; the check in PointGFp intended to check that x and y
were less than the prime instead checked x twice.
However, don't panic: the overflow cannot occur in 1.10.11 because of
an additional length check in the multiplication function itself which
was added at the same time. So I don't believe there are any security
implications to this missing check. Nonetheless to avoid confusion and
out of an abundance of caution I have released 1.10.12 which has the
correction.
SHA-256 affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27
https://botan.randombit.net/releases/Botan-1.10.12.tgz
https://botan.randombit.net/releases/Botan-1.10.12.tgz.asc
Jack
_______________________________________________
botan-devel mailing list
botan-devel@randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic