Candidate: CVE-2016-6878
PublicDate: 2017-04-10 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6878
 https://botan.randombit.net/security.html#id2
Description:
 The Curve25519 code in botan before 1.11.31, on systems without a native
 128-bit integer type, might allow attackers to have unspecified impact via
 vectors related to undefined behavior, as demonstrated on 32-bit ARM
 systems compiled by Clang.
Ubuntu-Description:
Notes:
 seth-arnold> I'm marking our packages as not-affected due to:
  "Introduced in 1.11.12, fixed in 1.11.31"
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_botan1.10:
upstream_botan1.10: not-affected
precise_botan1.10: not-affected
trusty_botan1.10: not-affected
trusty/esm_botan1.10: DNE (trusty was not-affected)
vivid/stable-phone-overlay_botan1.10: DNE
vivid/ubuntu-core_botan1.10: DNE
xenial_botan1.10: not-affected
yakkety_botan1.10: not-affected
zesty_botan1.10: not-affected
devel_botan1.10: not-affected

Patches_botan1.8:
upstream_botan1.8: not-affected
precise_botan1.8: not-affected
trusty_botan1.8: DNE
trusty/esm_botan1.8: DNE
vivid/stable-phone-overlay_botan1.8: DNE
vivid/ubuntu-core_botan1.8: DNE
xenial_botan1.8: DNE
yakkety_botan1.8: DNE
zesty_botan1.8: DNE
devel_botan1.8: DNE