DFSG NEW Queue

DFSG, Licensing & New Packages Team

Review: botan3 3.12.0+dfsg-1

New Package Report

.changes
Architecture: source amd64 all
Distribution: experimental
Date: Sat, 09 May 2026 08:45:18 +0200
Source: botan3
Version: 3.12.0+dfsg-1
Changed-By: Laszlo Boszormenyi (GCS)
Changelog
botan3 (3.12.0+dfsg-1) experimental; urgency=medium
 .
   * New upstream release:
     - fixes CVE-2026-44378: CPU based denial of service when decoding BER
       encoded data.
   * Library transition from libbotan-3-11 to libbotan-3-12 .
.dsc
Section: libdevel
Priority: optional
Component: main
Package-List:
 botan deb libdevel optional arch=any
 libbotan-3-12 deb libs optional arch=any
 libbotan-3-dev deb libdevel optional arch=any
 libbotan-3-doc deb doc optional arch=all
 python3-botan deb python optional arch=any
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: botan
Upstream-Contact: Jack Lloyd <jack@randombit.net>
Source: https://github.com/randombit/botan
Files-Excluded: src/lib/prov/pkcs11/*

Files: *
Copyright: 1999-2025 The Botan Authors,
 1999-2025 Jack Lloyd <jack@randombit.net>
License: BSD-2-clause

Files: configure.py
Copyright: 2009,2010,2011,2012,2013,2014,2015,2016,2017,2018 Jack Lloyd <jack@randombit.net>,
 2015,2016,2017 Simon Warta (Kullo GmbH)
License: BSD-2-clause

Files: src/build-data/botan-config.cmake.in src/build-data/botan-config-version.cmake.in
Copyright: 2023-     The Botan Authors
License: MIT

Files: src/cli/*
Copyright: 2015,2017 Simon Warta (Kullo GmbH),
 2018 Ribose Inc,
 1999-2010,2014,2015,2016,2017,2018 Jack Lloyd <jack@randombit.net>,
 2015-2016 René Korthaus,
 2016 Juraj Somorovsky <juraj.somorovsky@hackmanit.de>,
 2017 Neverhub
License: BSD-2-clause

Files: src/lib/pbkdf/*
Copyright: 1999-2007,2012,2017,2018 Jack Lloyd <jack@randombit.net>,
 2018 Ribose Inc
License: BSD-2-clause

Files: src/lib/pk_pad/*
Copyright: 1999-2008 Jack Lloyd <jack@randombit.net>,
 2016 Tobias Niemann, Hackmanit GmbH,
 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
License: BSD-2-clause

Files: src/lib/prov/commoncrypto/*
Copyright: 2018 Jose Luis Pereira
License: BSD-2-clause

Files: src/lib/pubkey/x25519/donna.cpp
Copyright: 2014,2018 Jack Lloyd <jack@randombit.net>,
 2008 Google Inc.,
 Adam Langley <agl@imperialviolet.org>,
 Daniel J. Bernstein <djb@cr.yp.to>
License: BSD-2-clause

Files: src/lib/pubkey/eckcdsa/*
Copyright: 2016 René Korthaus, Sirrix AG,
 2018 Jack Lloyd <jack@randombit.net>
License: BSD-2-clause

Files: src/lib/pubkey/dlies/*
Copyright: 1999-2007 Jack Lloyd <jack@randombit.net>,
 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
License: BSD-2-clause

Files: src/lib/pubkey/ec_group/*
Copyright: 2007 Martin Doering,
 2007,2017 Christoph Ludwig,
 2007 Falko Strenzke, FlexSecure GmbH,
 2008,2018 Jack Lloyd <jack@randombit.net>,
 2018 Tobias Niemann
License: BSD-2-clause

Files: src/lib/pubkey/ecc_key/*
Copyright: 2007 Manuel Hartl, FlexSecure GmbH,
 2007 Falko Strenzke, FlexSecure GmbH,
 2008-2010 Jack Lloyd <jack@randombit.net>
License: BSD-2-clause

Files: src/lib/pubkey/ed25519/*
Copyright: 2017 Ribose Inc
License: BSD-2-clause

Files: src/lib/pubkey/ecgdsa/*
Copyright: 2016 René Korthaus,
 2018 Jack Lloyd <jack@randombit.net>
License: BSD-2-clause

Files: src/lib/pubkey/ecies/*
Copyright: 2016 Philipp Weber,
 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
License: BSD-2-clause

Files: src/lib/pubkey/gost_3410/*
Copyright: 2007 Falko Strenzke, FlexSecure GmbH,
 2008-2010,2015,2018 Jack Lloyd
License: BSD-2-clause

Files: src/lib/pubkey/mce/*
Copyright: Projet SECRET, INRIA, Rocquencourt,
 Bhaskar Biswas and  Nicolas Sendrier,
 2014 cryptosource GmbH,
 2014 Falko Strenzke <fstrenzke@cryptosource.de>
 2014,2015 Jack Lloyd
License: BSD-2-clause

Files: src/lib/pubkey/pbes2/*
Copyright: 1999-2008,2014 Jack Lloyd,
 2018 Ribose Inc
License: BSD-2-clause

Files: src/lib/pubkey/sm2/*
Copyright: 1999-2008,2014,2018 Jack Lloyd,
 2017,2018 Ribose Inc
License: BSD-2-clause

Files: src/lib/pubkey/xmss/*
Copyright: 2016,2017,2018 Matthias Gierlings
License: BSD-2-clause

Files: src/lib/tls/*
Copyright: 2004-2011,2013,2016,2017 Jack Lloyd,
 2016 Matthias Gierlings,
 2016 Juraj Somorovsky
License: BSD-2-clause

Files: src/lib/tls/tls12/tls_cbc/*
Copyright: 2012,2013,2014,2015,2016 Jack Lloyd,
 2016 Juraj Somorovsky,
 2016 Matthias Gierlings,
 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
License: BSD-2-clause

Files: src/lib/utils/*
Copyright: 1999-2008,2009,2010,2012,2018 Jack Lloyd,
 Copyright Projet SECRET, INRIA, Rocquencourt,
 Bhaskar Biswas and  Nicolas Sendrier,
 2007 Yves Jerschow,
 2018 Erwan Chaussy,
 2010 Falko Strenzke,
 2014 cryptosource GmbH,
 2014 Falko Strenzke <fstrenzke@cryptosource.de>,
 2015 Simon Warta (Kullo GmbH),
 2016 Daniel Neus,
 2016 Joel Low
 2017 René Korthaus, Rohde & Schwarz Cybersecurity,
 2017 Tomasz Frydrych,
 2018 Ribose Inc
License: BSD-2-clause

Files: src/lib/x509/*
Copyright: 1999-2010,2013,2016,2018 Jack Lloyd,
 2015,2016 Kai Michaelis, Rohde & Schwarz Cybersecurity,
 2016 René Korthaus, Rohde & Schwarz Cybersecurity,
 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity,
License: BSD-2-clause

Files: debian/*
Copyright: 2017-     Laszlo Boszormenyi (GCS) <gcs@debian.org>
License: BSD-2-clause

License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 .
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.

License: MIT
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 ( copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 .
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.

Review Information

accepted — allocated to mechtilde 12 days ago, started 12 days ago, completed 12 days ago.

Final Comment

Hi,

for the next upload please also check the lintian warnings.

thanks

Other Reviews of this Package

Version        Hash       Allocated         Completed         Reviewer   Status    Details
3.11.0+dfsg-1  bfaff894…  2026-03-22 10:10  2026-03-22 10:17  mechtilde  rejected  VIEW
3.11.0+dfsg-1  f8269505…  2026-03-22 14:21  2026-03-22 14:24  mechtilde  accepted  VIEW

Public Notes

12 days ago ● public

Load licenses database

Command: dnq license-check -prepare
Exit code: 0

License check [main]:

Found 2 unique license identifier(s) in debian/copyright:

COMPATIBLE (2):
  BSD-2-clause
  MIT

Result: ALL LICENSES RECOGNIZED AS DFSG-COMPATIBLE

12 days ago ● public

Missed Author Check

Command: dnq author-check
Exit code: 0

Using active review (from current.json): botan3
Author check: botan3 3.12.0+dfsg-1

Scanned 3574 files.
Authors declared in debian/copyright: 37

Result: ALL SOURCE AUTHORS LISTED IN debian/copyright

12 days ago ● public

Lintian

Command: lintian -c -E -I -i -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 0

N:
W: python3-botan: executable-not-elf-or-script [usr/lib/python3/dist-packages/botan3.py]
N: 
N:   This executable file is not an ELF format binary, and does not start with
N:   the #! sequence that marks interpreted scripts. It might be a sh script
N:   that fails to name /bin/sh as its shell, or it may be incorrectly marked
N:   as executable. Sometimes upstream files developed on Windows are marked
N:   unnecessarily as executable on other systems.
N:   
N:   If you are using debhelper to build your package, running dh_fixperms will
N:   often correct this problem for you.
N: 
N:   Please refer to Scripts (Section 10.4) in the Debian Policy Manual for
N:   details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: executable
N: 
N:
W: botan: package-relation-with-self Breaks: botan (<< 3-1~)
N: 
N:   The package declares a relationship with itself. This is not very useful
N:   except in the case of a package Conflicting with itself if its package
N:   name doubles as a virtual package.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: fields/package-relations
N: 
N:
W: python3-botan: package-relation-with-self Breaks: python3-botan (<< 3-1~)

12 days ago ● public

Licenserecon

Command: lrc | grep -v 'Superfluous file pattern'
Exit code: 0

de: Versions: licenserecon '14.0'  licensecheck '3.3.9-1'

Quellbaum analysieren  ....
Lesen d/copyright  ....
Wird ausgeführt licensecheck ....

Keine signifikanten Unterschiede festgestellt
