oui j'ai déjà corrigé les 2 premiers problèmes et je m'occupe de la vignette
greg Le lun. 14 déc. 2015 13:51:06 CET, Luciano Bello a écrit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3417-1 [email protected] > https://www.debian.org/security/ Luciano Bello > December 14, 2015 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : bouncycastle > CVE ID : CVE-2015-7940 > Debian Bug : 802671 > > Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz > Institute for IT Security, published a paper in ESORICS 2015 where they > describe an invalid curve attack in Bouncy Castle Crypto, a Java library > for cryptography. An attacker is able to recover private Elliptic Curve > keys from different applications, for example, TLS servers. > > More information: > http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html > Practical Invalid Curve Attacks on TLS-ECDH: > http://euklid.org/pdf/ECC_Invalid_Curve.pdf > > For the oldstable distribution (wheezy), this problem has been fixed > in version 1.44+dfsg-3.1+deb7u1. > > For the stable distribution (jessie), this problem has been fixed in > version 1.49+dfsg-3+deb8u1. > > For the unstable distribution (sid), this problem has been fixed in > version 1.51-2. > > We recommend that you upgrade your bouncycastle packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCAAGBQJWbrnpAAoJEG7C3vaP/jd0sYEP/0oGLjRD26QDcghTOV4kZpmO > QQc3rXHiyMylQGUVJ6mHFES+dVwHlWy6VumRlQp2uBB/O+afvM3jEo1Mx9jgrYhR > +2hpqc21kh1sIJEi+ZK7MfaGjlg8IVIYXapXi/DdJt0dGGJuji+qN+XWRue5yLgm > 08vm4scq8TUohYxpdNnpoWUSJ2/k49aQ60Jz+tz+80UjqDcaxhS7lw1YxqzOHOBs > YABdawwUh0mfguQIIfHS+5R6lb/YzzE07ZVdgQVRzNL4z0PMNCUV4uT6xTWpn/Wx > kvgiDW+Qpw4mkKIAeKkOuHWoXxHsOQfY7DRXfOnyybv0GTDGV0OKuYKbkxXe8kqh > g/msrAfg0EGvHiiFgudlMwvdXpkG+gOqu7YyHbTSSPuD9MFjMJdMQIOeih4+GcPN > Yxvvl6x/JKgagJcNco3G6VzXcbcgHBU8WgdN5xASxJcBhzUBmyTaMRmVtuj8vguP > EhcBa0a/xzpI6TZqnQc3drznU3sqxcvDI3shPKckLN5lJpUXiKaTOcageILkfxpg > NUmZ01YQEI7nYJFjAMflKnqXFcRanTYBHhI7aZxbfueviqx7uTzXLT5oiyf99sIR > DA8+7uVPr6O2QXmnOTleAEIpNYs9VibfAtGt3DRkAAeo3ARRM7+yAxXtmN20uBO9 > 2fAMEkxz0RpnUdEEtKnw > =P/dD > -----END PGP SIGNATURE----- > -- -- Grégoire Reitter Vecteur M - 01.47.90.70.80 http://www.vecteurm.com
