[Buildroot] [PATCH 1/1] package/botan: security bump to version 2.19.3
Fabrice Fontaine
fontaine.fabrice at gmail.com
Tue Dec 6 22:12:20 UTC 2022
Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP
responses due to a certificate verification error. This issue was
introduced in Botan 1.11.34 (November 2016).
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
https://github.com/randombit/botan/blob/2.19.3/news.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/botan/botan.hash | 2 +-
package/botan/botan.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index d768c669ea..64da04415e 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,4 +1,4 @@
# From https://botan.randombit.net/releases/sha256sums.txt
-sha256 3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75 Botan-2.19.2.tar.xz
+sha256 dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55 Botan-2.19.3.tar.xz
# Locally computed
sha256 472faf6d2231130382779f96de506be19296473750356449fc426ddc9cb03b50 license.txt
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index b0ebe594b1..59fbc950b0 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-BOTAN_VERSION = 2.19.2
+BOTAN_VERSION = 2.19.3
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause
--
2.35.1
More information about the buildroot
mailing list