[jira] [Assigned] (TEZ-4458) Upgrade Bouncy Castle to 1.70 due to high CVEs

Jira Tue, 29 Nov 2022 00:54:05 -0800


     [ 
https://issues.apache.org/jira/browse/TEZ-4458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


László Bodor reassigned TEZ-4458:
---------------------------------

    Assignee: Mayank Kunwar

> Upgrade Bouncy Castle to 1.70 due to high CVEs
> ----------------------------------------------
>
>                 Key: TEZ-4458
>                 URL: https://issues.apache.org/jira/browse/TEZ-4458
>             Project: Apache Tez
>          Issue Type: Task
>            Reporter: Mayank Kunwar
>            Assignee: Mayank Kunwar
>            Priority: Major
>
> CVE-2020-28052 (HIGH severity) - An issue was discovered in Legion of the 
> Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility 
> method compared incorrect data when checking the password, allowing incorrect 
> passwords to indicate they were matching with previously hashed ones that 
> were different.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (TEZ-4458) Upgrade Bouncy Castle to 1.70 due to high CVEs

Reply via email to