Description
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote
attackers to conduct million-message attacks by measuring time differences,
related to decoding of PKCS#1 padding.
Notes
| seth-arnold | "Fixed in 1.11.22. Affected all previous versions." |
Package
| Upstream: | released
(1.10.13-1)
|
| Ubuntu 18.04 LTS: | not-affected
(1.10.13-1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 21.10: | DNE
|
| Ubuntu 22.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was released [1.10.5-1+deb7u1ubuntu0.14.04.1])
|
| Ubuntu 20.04 FIPS Compliant: | DNE
|
Patches:
Updated: 2022-04-25 00:16:03 UTC (commit ecc1009cb19540b950de59270950018900f37f15)