You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Nick Gorbarov (Jira)" <ji...@apache.org> on 2020/02/18 10:54:00 UTC
[jira] [Created] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto
to version 1.64
Nick Gorbarov created PDFBOX-4779:
-------------------------------------
Summary: PDFBOX: Update Bounc9 Castle Crypto to version 1.64
Key: PDFBOX-4779
URL: https://issues.apache.org/jira/browse/PDFBOX-4779
Project: PDFBox
Issue Type: Improvement
Components: Crypto
Affects Versions: 2.0.18
Reporter: Nick Gorbarov
Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:
*CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.
Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org