You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "Nick Gorbarov (Jira)" <ji...@apache.org> on 2020/02/18 10:54:00 UTC

[jira] [Created] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Nick Gorbarov created PDFBOX-4779:
-------------------------------------

             Summary: PDFBOX: Update Bounc9 Castle Crypto to version 1.64
                 Key: PDFBOX-4779
                 URL: https://issues.apache.org/jira/browse/PDFBOX-4779
             Project: PDFBox
          Issue Type: Improvement
          Components: Crypto
    Affects Versions: 2.0.18
            Reporter: Nick Gorbarov


Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:

 *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.

 

Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org