Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 13481f2a56ee
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: c588499fbba4
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 24, 2020

  1. botan2: update 2.7.0 -> 2.9.0 

    Fixes:
CVE-2018-12435: requires >= 2.7.0 (NVD extry is incorrect)
"Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected."
A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key.

CVE-2018-20187: requires >= 2.9.0
"Introduced in 1.11.20, fixed in 2.8.0."
A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise.
    @redvers
    redvers committed Nov 24, 2020
    Copy the full SHA
    93b523d View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2020

  1. Merge pull request #104458 from redvers/update_botan_2.7_to_2.9 

    botan2: update 2.7.0 -> 2.9.0
    @andir
    andir committed Nov 30, 2020
    Copy the full SHA
    c588499 View commit details
    Browse the repository at this point in the history