Ubuntu has issued an advisory on June 23: https://ubuntu.com/security/notices/USN-7586-1
Status comment: (none) => Patches available from Ubuntu
Source RPM: (none) => botan2-2.19.5-3.mga10.src.rpm
CVE: (none) => CVE-2024-34702, CVE-2024-34703, CVE-2024-39312, CVE-2024-50382, CVE-2024-50383
Whiteboard: (none) => MGA9TOO
Source RPM: botan2-2.19.5-3.mga10.src.rpm => botan2-2.19.5-3.mga10.src.rpm, botan2-2.19.5-1.mga9.src.rpm
These are all the patches I could find, but not sure if they are all relevant. They represent a lot of work to apply.

CVE-2024-50382
https://github.com/randombit/botan/commit/6babd8226963dad7b25c4ae82c4f785162727d05

CVE-2024-50383
Same

CVE-2024-34702
https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e
https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac
https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1
https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf
https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41
https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8

CVE-2024-34703
https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a

CVE-2024-39312
Patches
Fixed in versions 3.5.0 and 2.19.5
Assignee: bugsquad => pkg-bugs
In fact, CVE-2024-3470[23], CVE-2024-39312 and CVE-2024-50382 are already fixed in version 2.19.5.
Source RPM: botan2-2.19.5-3.mga10.src.rpm, botan2-2.19.5-1.mga9.src.rpm => botan2-2.19.5-4.mga10.src.rpm, botan2-2.19.5-1.mga9.src.rpm
Summary: botan2 new security issues CVE-2024-3470[23], CVE-2024-39312, CVE-2024-5038[23] => botan2 new security issue CVE-2024-50383
CVE: CVE-2024-34702, CVE-2024-34703, CVE-2024-39312, CVE-2024-50382, CVE-2024-50383 => CVE-2024-50383
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386 (only 32-bit processors can be affected). (CVE-2024-50383)

References:
https://ubuntu.com/security/notices/USN-7586-1
========================

Updated packages in core/updates_testing:
========================
botan2-2.19.5-1.1.mga9
botan2-doc-2.19.5-1.1.mga9
lib(64)botan2-devel-2.19.5-1.1.mga9
lib(64)botan2_19-2.19.5-1.1.mga9
python3-botan2-2.19.5-1.1.mga9

from SRPM:
botan2-2.19.5-1.1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status comment: Patches available from Ubuntu => (none)
Status: NEW => ASSIGNED
Source RPM: botan2-2.19.5-4.mga10.src.rpm, botan2-2.19.5-1.mga9.src.rpm => botan2-2.19.5-1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugs
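The carry handling that the suggested advisory above describes, as an added C illustration that is not part of the original bug report and is not Botan's code; the u128 type and the function names are hypothetical. It contrasts a carry taken from a comparison, which a compiler may lower to a conditional addition, with a carry computed by bitwise operations, and checks that both give the same sums.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 128-bit value as two 64-bit limbs (not Botan's donna128 class). */
typedef struct { uint64_t lo, hi; } u128;

/* Carry taken from a comparison. Arithmetically correct, but a compiler may
 * lower it to "if (carry) hi += 1", so whether the addition executes then
 * depends on the (possibly secret) operands. */
static u128 add_cmp(u128 a, u128 b) {
    u128 r;
    r.lo = a.lo + b.lo;
    r.hi = a.hi + b.hi + (uint64_t)(r.lo < a.lo);
    return r;
}

/* Carry taken from bit 63 with bitwise operations only:
 * carry_out = (a & b) | ((a | b) & ~sum). This leaves no comparison to turn
 * into a branch, but C gives no guarantee; check the generated assembly
 * (for example gcc -O2 -S) for every compiler and target you ship. */
static u128 add_bitwise(u128 a, u128 b) {
    u128 r;
    r.lo = a.lo + b.lo;
    uint64_t carry = ((a.lo & b.lo) | ((a.lo | b.lo) & ~r.lo)) >> 63;
    r.hi = a.hi + b.hi + carry;
    return r;
}

/* Constructed edge cases around the carry boundary; returns the number of
 * inputs on which the two formulations disagree (expected: 0). */
static int count_mismatches(void) {
    const uint64_t v[] = { 0, 1, 0x7FFFFFFFFFFFFFFFULL, 0x8000000000000000ULL,
                           0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL };
    const int n = (int)(sizeof v / sizeof v[0]);
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++) {
            u128 a = { v[i], v[j] }, b = { v[j], v[i] };
            u128 x = add_cmp(a, b), y = add_bitwise(a, b);
            if (x.lo != y.lo || x.hi != y.hi) bad++;
        }
    return bad;
}

int main(void) {
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```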
Keywords: (none) => advisory
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 29659 Comment 5, not forgetting to take the actual botan version in the filename for the doc.

$ echo "Test File" > testbotan.txt
$ botan base64_enc testbotan.txt > testbotancrypt.txt
$ cat testbotancrypt.txt
VGVzdCBGaWxlCg==
$ botan base64_dec testbotancrypt.txt
Test File

$ python3
Python 3.10.18 (main, Nov 10 2025, 10:10:26) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import botan2
>>> tester = botan2.RandomNumberGenerator()
>>> tested = tester.get(10)
>>> print ("Random number is {}".format(tested))
Random number is b'\x8fN\xfaqRT\xd8\x87\x0b='
>>> quit()

$ lynx /usr/share/doc/botan-2.19.5/handbook/index.html
Displays OK.

So all seems to work, OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0295.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED