Overview
Request 635779 revoked
* CVE-2018-1000180: issue around primality tests for RSA key pair generation
if done using only the low-level API [bsc#1096291]
- Version update to 1.59:
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
- Created by pmonrealgonzalez
- In state revoked
Request History
pmonrealgonzalez created request
* CVE-2018-1000180: issue around primality tests for RSA key pair generation
if done using only the low-level API [bsc#1096291]
- Version update to 1.59:
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
maintbot accepted review
ok
maintbot approved review
ok
jsegitz declined request
sle derived, talked to maintainer
AndreasStieger reopened request
not in any SLE product.
jsegitz declined request
we'll take it from SLE codestream
pmonrealgonzalez revoked request
home:pmonrealgonzalez:branches:openSUSE:Leap:15.0:Update/bouncycastle@7832f50fbca2b888df44191c22b686c1 -> openSUSE:Leap:15.0:Update/bouncycastle
expected origin is 'SUSE:SLE-15:GA' (changed)