[botan-devel] Botan 1.11.24 released with TLS security fix
lloyd at randombit.net
Wed Nov 4 14:58:35 EST 2015
Botan 1.11.24 has been released fixing a critical bug in TLS
authentication introduced in 1.11.23. Due to a missing check in
Credentials_Manager, a certificate which failed validation would not
be reported to the TLS layer. Thus effectively X.509 authentication is
bypassed in TLS in that release. All users of TLS should upgrade to
1.11.24 as soon as possible.
Credits to Florent Le Coz who found the issue and reported it. GH #342
Also fixed in this release is an endian dependency in McEliece key
generation. And a change to the build has new flags for individually
controlling use of debug symbols, sanitizer, and coverage flags.
More information about the botan-devel