[jira] [Resolved] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Tilman Hausherr (Jira) Wed, 19 Feb 2020 12:00:30 -0800


     [ 
https://issues.apache.org/jira/browse/PDFBOX-4779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tilman Hausherr resolved PDFBOX-4779.
-------------------------------------
    Fix Version/s: 2.0.19
         Assignee: Tilman Hausherr
       Resolution: Fixed

Done, thanks everybody!

> PDFBOX: Update Bouncy Castle Crypto to version 1.64
> ---------------------------------------------------
>
>                 Key: PDFBOX-4779
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4779
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Crypto
>    Affects Versions: 2.0.18
>            Reporter: Nick Gorbarov
>            Assignee: Tilman Hausherr
>            Priority: Major
>              Labels: crypto
>             Fix For: 2.0.19
>
>
> Please update Bouncy Castle Crypto to verison 1.64. It contains critical 
> issue:
>  *CVE-2019-17359*: A change to the ASN.1 parser in 1.63 introduced a 
> regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. 
> We recommend upgrading to 1.64, particularly where an application might be 
> parsing untrusted ASN.1 data from third parties.
>  
> Link to Bouncy Castle Crypto: [https://www.bouncycastle.org/releasenotes.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (PDFBOX-4779) PDFBOX: Update Bouncy Castle Crypto to version 1.64

Reply via email to