[Buildroot] [git commit branch/2017.02.x] package/botan: security bump to version 1.10.16
Peter Korsgaard
peter at korsgaard.com
Thu Sep 7 14:49:21 UTC 2017
commit: https://git.buildroot.net/buildroot/commit/?id=8a673badcb1ec994b8fb8dd1891de4f3de0fc5fb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x
Fixes CVE-2017-2801: A programming error exists in a way Randombit Botan
cryptographic library version 2.0.1 implements x500 string comparisons which
could lead to certificate verification issues and abuse. A specially
crafted X509 certificate would need to be delivered to the client or server
application in order to trigger this vulnerability.
[Peter: extend commit message with security fixes info]
Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
(cherry picked from commit 033aa8d4e9ad13ee56dbb372ad45a7d83bca4f53)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/botan/botan.hash | 2 +-
package/botan/botan.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index 3da5f69..3d46a13 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90 Botan-1.10.13.tgz
+sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 Botan-1.10.16.tgz
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index fc8fa69..2829552 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-BOTAN_VERSION = 1.10.13
+BOTAN_VERSION = 1.10.16
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2c
More information about the buildroot
mailing list