Overview

File _patchinfo of Package patchinfo.18468

<patchinfo incident="18468">
  <issue tracker="cve" id="2024-34702"/>
  <issue tracker="cve" id="2024-39312"/>
  <issue tracker="cve" id="2024-34703"/>
  <issue tracker="bnc" id="1227238">VUL-0: CVE-2024-34703: TRACKERBUG: Botan: denial of service due to overly large elliptic curve parameters</issue>
  <issue tracker="bnc" id="1227608">VUL-0: CVE-2024-39312: Botan: Improper certificate validation</issue>
  <issue tracker="bnc" id="1227607">VUL-0: CVE-2024-34702: Botan: Assymetric resource consumption</issue>
  <packager>ayankov</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for Botan</summary>
  <description>This update for Botan fixes the following issues:

Update to 2.19.5:

* Fix multiple Denial of service attacks due to X.509 cert processing:
* CVE-2024-34702 - boo#1227238
* CVE-2024-34703 - boo#1227607
* CVE-2024-39312 - boo#1227608
* Fix a crash in OCB
* Fix a test failure in compression with certain versions of zlib 
* Fix some iterator debugging errors in TLS CBC decryption. 
* Avoid a miscompilation in ARIA when using XCode 14 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places