package/botan: add upstream security fix for CVE-2021-40529
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
projects / buildroot.git / commit