Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 1b5f65035212
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: cd7051d57312
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Jan 13, 2021

  1. botan2: update 2.7.0 -> 2.9.0 

    Fixes:
CVE-2018-12435: requires >= 2.7.0 (NVD extry is incorrect)
"Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected."
A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key.

CVE-2018-20187: requires >= 2.9.0
"Introduced in 1.11.20, fixed in 2.8.0."
A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise.

(cherry picked from commit 93b523d)
    @redvers @erictapen
    redvers authored and erictapen committed Jan 13, 2021
    Copy the full SHA
    cd7051d View commit details
    Browse the repository at this point in the history