You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Jonathan Anstey (JIRA)" <ji...@apache.org> on 2014/01/28 20:52:37 UTC

[jira] [Commented] (JCLOUDS-437) jclouds-karaf depends on bouncycastle version affected by vulnerability CVE-2013-1624

    [ https://issues.apache.org/jira/browse/JCLOUDS-437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13884515#comment-13884515 ] 

Jonathan Anstey commented on JCLOUDS-437:
-----------------------------------------

Opened PR here https://github.com/jclouds/jclouds-karaf/pull/29

> jclouds-karaf depends on bouncycastle version affected by vulnerability CVE-2013-1624
> -------------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-437
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-437
>             Project: jclouds
>          Issue Type: Bug
>    Affects Versions: 1.6.3
>            Reporter: Jonathan Anstey
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1624 is fixed in bouncy castle 1.48 and newer. Bouncycastle should be upgraded for the next jclouds-karaf release to fix this vulnerability.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)