[
https://issues.apache.org/jira/browse/QPID-8501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dedeepya updated QPID-8501:
---------------------------
Description:
The below components are reported as vulnerabilities and need to be upgraded
||Component Name||Component Version||
|org.bouncycastle:bcprov-jdk15on|1.66|
Affected versions of this package are vulnerable to Comparison Using Wrong
Factors. The {{OpenBSDBCrypt.checkPassword}} utility method compared incorrect
data when checking the password, allowing incorrect passwords to indicate they
were matching with previously hashed ones that were different.
[https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1052448]
was:
The below components are reported as vulnerabilities and need to be upgraded
||Component Name||Component Version||
|org.bouncycastle:bcprov-jdk15on|1.66|
> Upgrade bouncycastle component versions
> ---------------------------------------
>
> Key: QPID-8501
> URL: https://issues.apache.org/jira/browse/QPID-8501
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-8.0.3
> Reporter: Dedeepya
> Priority: Major
>
> The below components are reported as vulnerabilities and need to be upgraded
> ||Component Name||Component Version||
> |org.bouncycastle:bcprov-jdk15on|1.66|
> Affected versions of this package are vulnerable to Comparison Using Wrong
> Factors. The {{OpenBSDBCrypt.checkPassword}} utility method compared
> incorrect data when checking the password, allowing incorrect passwords to
> indicate they were matching with previously hashed ones that were different.
> [https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1052448]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
