Candidate: CVE-2016-6879
PublicDate: 2017-04-10 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6879
 https://botan.randombit.net/security.html#id2
Description:
 The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31
 might allow attackers to have unspecified impact by leveraging a call with
 more than one Key_Usage set in the enum value.
Ubuntu-Description:
Notes:
 seth-arnold> upstream reports "Introduced in 1.11.0, fixed in 1.11.31"
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_botan1.10:
upstream_botan1.10: not-affected
precise_botan1.10: not-affected
trusty_botan1.10: not-affected
trusty/esm_botan1.10: DNE (trusty was not-affected)
vivid/stable-phone-overlay_botan1.10: DNE
vivid/ubuntu-core_botan1.10: DNE
xenial_botan1.10: not-affected
yakkety_botan1.10: not-affected
zesty_botan1.10: not-affected
devel_botan1.10: not-affected

Patches_botan1.8:
upstream_botan1.8: not-affected
precise_botan1.8: not-affected
trusty_botan1.8: DNE
trusty/esm_botan1.8: DNE
vivid/stable-phone-overlay_botan1.8: DNE
vivid/ubuntu-core_botan1.8: DNE
xenial_botan1.8: DNE
yakkety_botan1.8: DNE
zesty_botan1.8: DNE
devel_botan1.8: DNE