UbuntuUpdates.org

Package "bouncycastle"

Name: bouncycastle

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Bouncy Castle generators/processors for S/MIME and CMS
  • Bouncy Castle Java API for PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF

Latest version: 1.49+dfsg-2ubuntu0.1
Release: trusty (14.04)
Level: security
Repository: universe


Other versions of "bouncycastle" in Trusty

Repository  Area      Version
base        main      1.49+dfsg-2
base        universe  1.49+dfsg-2
security    main      1.49+dfsg-2ubuntu0.1
updates     universe  1.49+dfsg-2ubuntu0.1
updates     main      1.49+dfsg-2ubuntu0.1


Changelog

Version: 1.49+dfsg-2ubuntu0.1 2018-08-01 16:06:34 UTC

  bouncycastle (1.49+dfsg-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-*.patch: sync patches with Debian's
      1.49+dfsg-3+deb8u3 package. Thanks to Markus Koschany for the work
      this update is based on!
    - CVE-2015-7940
    - CVE-2015-6644
    - CVE-2016-1000338
    - CVE-2016-1000341
    - CVE-2016-1000343
    - CVE-2016-1000346
    - CVE-2016-1000339
    - CVE-2016-1000345
    - CVE-2016-1000342

 -- Marc Deslauriers <email address hidden> Tue, 10 Jul 2018 09:23:01 -0400

CVE-2015-7940 The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obt
CVE-2015-6644 Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, ak
CVE-2016-1000338 In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to
CVE-2016-1000341 In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely obse
CVE-2016-1000343 In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If th
CVE-2016-1000346 In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid key
CVE-2016-1000339 In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven ap
CVE-2016-1000345 In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to padding oracle attack. For BC 1.55 and older, in an
CVE-2016-1000342 In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible


