You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Tilman Hausherr (Jira)" <ji...@apache.org> on 2020/02/19 20:00:00 UTC
[jira] [Resolved] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto
to version 1.64
[ https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tilman Hausherr resolved PDFBOX-4779.
-------------------------------------
Fix Version/s: 2.0.19
Assignee: Tilman Hausherr
Resolution: Fixed
Done, thanks everybody!
> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
> Key: PDFBOX-4779
> URL: https://issues.apache.org/jira/browse/PDFBOX-4779
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Affects Versions: 2.0.18
> Reporter: Nick Gorbarov
> Assignee: Tilman Hausherr
> Priority: Major
> Labels: crypto
> Fix For: 2.0.19
>
>
> Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:
> *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.
>
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org