[
https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039145#comment-17039145
]
Jason Pyeron commented on PDFBOX-4779:
--------------------------------------
This was already done.
{noformat}
commit 5bcbc64740ea4f63ef1acdd7e9635fb51a8bda02
Author: Tilman Hausherr <[email protected]>
Date: Sat Oct 12 12:46:34 2019 +0000
PDFBOX-4071: update bc to current
git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1868335
13f79535-47bb-0310-9956-ffa450edef68
diff --git a/parent/pom.xml b/parent/pom.xml
index f298544ea..2ab12c7d5 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -49,7 +49,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <bouncycastle.version>1.63</bouncycastle.version>
+ <bouncycastle.version>1.64</bouncycastle.version>
</properties>
<dependencyManagement>
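Review bot: The `bouncycastle.version` bump from 1.63 to 1.64 on the changed line gives no sign that it is security-relevant; the commit message says only "update bc to current". Suggest naming the target version and the reason in the message, so the change can be found when auditing for the ASN.1 parser regression that the issue describes in 1.63 (CVE-2019-17359). The git-svn-id shows this landed on trunk, while the issue lists 2.0.18 under Affects Versions, so it is worth confirming that the release branch's parent/pom.xml carries the same property value.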
{noformat}
> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
> Key: PDFBOX-4779
> URL: https://issues.apache.org/jira/browse/PDFBOX-4779
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Affects Versions: 2.0.18
> Reporter: Nick Gorbarov
> Priority: Major
> Labels: crypto
>
> Please update Bouncy Castle Crypto to version 1.64. It contains a critical
> issue:
> *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a
> regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data.
> We recommend upgrading to 1.64, particularly where an application might be
> parsing untrusted ASN.1 data from third parties.
>
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]