-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 Apr 2016 17:49:39 +0200 Source: botan1.10 Binary: botan1.10-dbg libbotan-1.10-0 libbotan1.10-dev Architecture: source amd64 Version: 1.10.8-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: botan1.10-dbg - multiplatform crypto library (debug) libbotan-1.10-0 - multiplatform crypto library libbotan1.10-dev - multiplatform crypto library (development) Changes: botan1.10 (1.10.8-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload. * CVE-2015-5726: Fix crash in BER decoder. * CVE-2015-5727: Fix excess memory allocation in BER decoder. * CVE-2015-7827: Fix PKCS #1 v1.5 decoding was not constant time. * CVE-2016-2194: Fix infinite loop in modulur square root algorithm. * CVE-2016-2195: Fix Heap overflow on invalid ECC point. * CVE-2016-2849: Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA. Checksums-Sha1: 5f9f61321de870dd23e8f7ac7f4541faea8f6575 2191 botan1.10_1.10.8-2+deb8u1.dsc a7ba0be11629143043da078a4c044eac3369b4ec 2211993 botan1.10_1.10.8.orig.tar.bz2 29add573677e94b91f1e37c375869b03cb5335d7 15988 botan1.10_1.10.8-2+deb8u1.debian.tar.xz d69c5492faf702d269857a212ddef9722aa23965 112748 botan1.10-dbg_1.10.8-2+deb8u1_amd64.deb 22e9a1449d4a1fe9620e4b405fb33850c1f690b7 937476 libbotan-1.10-0_1.10.8-2+deb8u1_amd64.deb 114d334468d2f80cd3611ca9058d4b7d7eebcfbc 1424122 libbotan1.10-dev_1.10.8-2+deb8u1_amd64.deb Checksums-Sha256: e3cd3de0f0684d15e28a6fafabbdbc18d65c051750b75f4b807ae2992449e284 2191 botan1.10_1.10.8-2+deb8u1.dsc bc2fd5fe904bba7cd688df021689f53a2d2f87ae728b647196a6b5954d184ea0 2211993 botan1.10_1.10.8.orig.tar.bz2 8a27c345652aba3a2cad262b61fa99754ccdf89f2d5cdd7f9ea4129acc17b255 15988 botan1.10_1.10.8-2+deb8u1.debian.tar.xz 0332c98448f7a531d1ab492d7b381cc3bafedb7e0599c4f1808a1077e2df2698 112748 botan1.10-dbg_1.10.8-2+deb8u1_amd64.deb 3992440a68e3d6ffffbd23e77ad4e2ef3cdb9d0996038cdb779884013a756604 937476 libbotan-1.10-0_1.10.8-2+deb8u1_amd64.deb 9e9618e25f05536ee16ea0a8645fc448b6c35809c589a13f6135205c2a97ab5a 1424122 libbotan1.10-dev_1.10.8-2+deb8u1_amd64.deb Files: 05a2e7493701ce10b588858f5ac0199c 2191 libs optional botan1.10_1.10.8-2+deb8u1.dsc a0b68a77ed8b1170f494a33ecdae039c 2211993 libs optional botan1.10_1.10.8.orig.tar.bz2 445041fc8ce796f6107979aa2a124f92 15988 libs optional botan1.10_1.10.8-2+deb8u1.debian.tar.xz d534121d89ee0fe9c3e0eb90de8db22d 112748 debug extra botan1.10-dbg_1.10.8-2+deb8u1_amd64.deb 5ff45f35f29728ef9a3a09896179d424 937476 libs optional libbotan-1.10-0_1.10.8-2+deb8u1_amd64.deb 12bbfd0818bef3fc6c21e131c1142201 1424122 libdevel optional libbotan1.10-dev_1.10.8-2+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJXI4STXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hk33wQAJPCqM/Y2MexyuupP2Vu9nsr yMPIbZ+o+7QNUlPQTjlOMiMlooSYoMMgdcvLBP3p0eFVKl7sj7P5TBJ5Xf+a/KHZ rhefco4jiS6CdCyGYKv3/ZXXVBraDooo9kZuEyOFTv0OodKpngJ9i8MGb7eNqglK fMMJLHo3BSTH/EaVFVMkxZ4pDb36TpTmynqYF3px/1uhdHD0YyBnjZuD++Y7l3WT qrw+FzUxO5xAoTphmY5GEuAhBISyJXIN6JyVApzB4eaGmHoSSvqjbavWRc74IjdZ 7uUuwsyrrL6Ysih+dvCCj3jRddMWgo8FBevmQ610/yZeryy/pjhfVirlrN1wI0gx AZVj8lyJn9jM3PUU8hGCWz1AEYSlwEiTSVIbEpctHfbd80rPEX/HNU5lJZVKaSO4 WMDVyjssODTgCjUVLri2a6i5CU9iK3uGh2979s1wHlsVPcXLDDScXx0xbSS93pKv gYSSiqiflHDUlAVZO96ELlGyjqZQaVCEAf0B8/vCUocIitYpifG9CY+9QAX0E/f1 3eBmyNwPYwrIWuvDIzt1Q4AljkbkAFK0hWmNvAOqCwPplw8Bq62KncB7rooLdzKi 9DTjt8pFMLm+EMZzE25fyR5mvJmI0MT97V2M2yw/INJaFrTwJiNlcRkmCGUCgtf0 5NADcNt6p/OBsErZ8pyP =Kvg9 -----END PGP SIGNATURE-----