[
https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17040386#comment-17040386
]
ASF subversion and git services commented on PDFBOX-4779:
---------------------------------------------------------
Commit 1874212 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1874212 ]
PDFBOX-4779: Update Bouncy Castle Crypto to version 1.64, as suggested by Nick
Gorbarov
> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
> Key: PDFBOX-4779
> URL: https://issues.apache.org/jira/browse/PDFBOX-4779
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Affects Versions: 2.0.18
> Reporter: Nick Gorbarov
> Priority: Major
> Labels: crypto
>
> Please update Bouncy Castle Crypto to verison 1.64. It contains critical
> issue:
> *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a
> regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data.
> We recommend upgrading to 1.64, particularly where an application might be
> parsing untrusted ASN.1 data from third parties.
>
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
