[jira] [Created] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Nick Gorbarov (Jira) Tue, 18 Feb 2020 02:54:14 -0800

Nick Gorbarov created PDFBOX-4779:
-------------------------------------

             Summary: PDFBOX: Update Bounc9 Castle Crypto to version 1.64
                 Key: PDFBOX-4779
                 URL: https://issues.apache.org/jira/browse/PDFBOX-4779
             Project: PDFBox
          Issue Type: Improvement
          Components: Crypto
    Affects Versions: 2.0.18
            Reporter: Nick Gorbarov



Please update Bouncy Castle Crypto to verison 1.64. It contains critical issue:

 *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a regression 
that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend 
upgrading to 1.64, particularly where an application might be parsing untrusted 
ASN.1 data from third parties.

 

Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Reply via email to