aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml57
1 files changed, 57 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5fc488849004..7d5cdbe27b8b 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,63 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ac0900df-31d0-11e6-8e82-002590263bf5">
+ <topic>botan -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>botan110</name>
+ <range><lt>1.10.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jack Lloyd reports:</p>
+ <blockquote cite="https://lists.randombit.net/pipermail/botan-devel/2016-April/002101.html">
+ <p>Botan 1.10.13 has been released backporting some side channel
+ protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA
+ decryption (CVE-2015-7827).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2849</cvename>
+ <cvename>CVE-2015-7827</cvename>
+ <url>https://lists.randombit.net/pipermail/botan-devel/2016-April/002101.html</url>
+ </references>
+ <dates>
+ <discovery>2016-04-28</discovery>
+ <entry>2016-06-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f771880c-31cf-11e6-8e82-002590263bf5">
+ <topic>botan -- cryptographic vulnerability</topic>
+ <affects>
+ <package>
+ <name>botan110</name>
+ <range><lt>1.10.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9742">
+ <p>The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x
+ before 1.11.9 improperly uses a single random base, which makes it
+ easier for remote attackers to defeat cryptographic protection
+ mechanisms via a DH group.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-9742</cvename>
+ </references>
+ <dates>
+ <discovery>2014-04-11</discovery>
+ <entry>2016-06-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6d402857-2fba-11e6-9f31-5404a68ad561">
<topic>VLC -- Possibly remote code execution via crafted file</topic>
<affects>
generated by cgit (git 2.34.1) at 2025-01-20 12:53:41 +0800