Package "libbcpkix-java-doc"
Name: |
libbcpkix-java-doc
|
Description: |
Bouncy Castle Java API for PKIX, CMS, EAC, TSP, PKCS... (Documentation)
|
Latest version: |
1.49+dfsg-2ubuntu0.1 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Head package: |
bouncycastle |
Homepage: |
http://www.bouncycastle.org |
Links
Download "libbcpkix-java-doc"
Other versions of "libbcpkix-java-doc" in Trusty
Changelog
bouncycastle (1.49+dfsg-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-*.patch: sync patches with Debian's
1.49+dfsg-3+deb8u3 package. Thanks to Markus Koschany for the work
this update is based on!
- CVE-2015-7940
- CVE-2015-6644
- CVE-2016-1000338
- CVE-2016-1000341
- CVE-2016-1000343
- CVE-2016-1000346
- CVE-2016-1000339
- CVE-2016-1000345
- CVE-2016-1000342
-- Marc Deslauriers <email address hidden> Tue, 10 Jul 2018 09:23:01 -0400
|
CVE-2015-7940 |
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obt |
CVE-2015-6644 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, ak |
CVE-2016-1000338 |
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to |
CVE-2016-1000341 |
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely obse |
CVE-2016-1000343 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If th |
CVE-2016-1000346 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid key |
CVE-2016-1000339 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven ap |
CVE-2016-1000345 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an |
CVE-2016-1000342 |
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible |
|
About
-
Send Feedback to @ubuntu_updates