[Buildroot] [git commit branch/2022.02.x] package/botan: security bump to version 2.19.3
Peter Korsgaard
peter at korsgaard.com
Fri Dec 16 14:18:01 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=e3e8ebd7d7a1fa4a1557736ae6f92d1a9903b624
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.02.x
Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP
responses due to a certificate verification error. This issue was
introduced in Botan 1.11.34 (November 2016).
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
https://github.com/randombit/botan/blob/2.19.3/news.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit f276188ef7967ce8332fb38fdecd98b080b7e3db)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/botan/botan.hash | 2 +-
package/botan/botan.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index d768c669ea..64da04415e 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,4 +1,4 @@
# From https://botan.randombit.net/releases/sha256sums.txt
-sha256 3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75 Botan-2.19.2.tar.xz
+sha256 dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55 Botan-2.19.3.tar.xz
# Locally computed
sha256 472faf6d2231130382779f96de506be19296473750356449fc426ddc9cb03b50 license.txt
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index b0ebe594b1..59fbc950b0 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-BOTAN_VERSION = 2.19.2
+BOTAN_VERSION = 2.19.3
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause
More information about the buildroot
mailing list