You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "Tilman Hausherr (Jira)" <ji...@apache.org> on 2020/02/19 20:00:00 UTC

[jira] [Resolved] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

     [ https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tilman Hausherr resolved PDFBOX-4779.
-------------------------------------
    Fix Version/s: 2.0.19
         Assignee: Tilman Hausherr
       Resolution: Fixed

Done, thanks everybody!

> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
>                 Key: PDFBOX-4779
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4779
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Crypto
>    Affects Versions: 2.0.18
>            Reporter: Nick Gorbarov
>            Assignee: Tilman Hausherr
>            Priority: Major
>              Labels: crypto
>             Fix For: 2.0.19
>
>
> Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:
>  *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.
>  
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org