Hello community,

here is the log from the commit of package bouncycastle for openSUSE:Factory checked in at 2018-07-28 12:37:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bouncycastle (Old)
 and /work/SRC/openSUSE:Factory/.bouncycastle.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bouncycastle" Sat Jul 28 12:37:11 2018 rev:20 rq:624022 version:1.60 Changes: -------- --- /work/SRC/openSUSE:Factory/bouncycastle/bouncycastle.changes 2018-06-22 13:13:35.807012438 +0200 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new/bouncycastle.changes 2018-07-28 12:37:15.136062731 +0200 @@ -1,0 +2,8 @@ +Thu Jul 19 10:24:12 UTC 2018 - [email protected] + +- Version update to 1.60 bsc#1100694: + * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code + * Release notes: + http://www.bouncycastle.org/releasenotes.html + +------------------------------------------------------------------- 
@@ -6,0 +15,21 @@ + * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of + signature on verification (boo#1095722). + * CVE-2016-1000339: Fix AESEngine key information leak via lookup + table accesses (boo#1095853). + * CVE-2016-1000340: Fix carry propagation bugs in the + implementation of squaring for several raw math classes + (boo#1095854). + * CVE-2016-1000341: Fix DSA signature generation vulnerability to + timing attack (boo#1095852). + * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of + signature on verification (boo#1095850). + * CVE-2016-1000343: Fix week default settings for private DSA key + pair generation (boo#1095849). + * CVE-2016-1000344: Remove DHIES from the provider to disable the + unsafe usage of ECB mode (boo#1096026). + * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle + attack (boo#1096025). + * CVE-2016-1000346: Fix other party DH public key validation + (boo#1096024). + * CVE-2016-1000352: Remove ECIES from the provider to disable the + unsafe usage of ECB mode (boo#1096022). Old: ---- bcprov-jdk15on-1.59.pom bcprov-jdk15on-159.tar.gz New: ---- bcprov-jdk15on-1.60.pom bcprov-jdk15on-160.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bouncycastle.spec ++++++ --- /var/tmp/diff_new_pack.Pr0Cim/_old 2018-07-28 12:37:16.388065135 +0200 +++ /var/tmp/diff_new_pack.Pr0Cim/_new 2018-07-28 12:37:16.392065142 +0200 @@ -16,8 +16,8 @@ # -%define ver 1.59 -%define shortver 159 +%define ver 1.60 +%define shortver 160 %define archivever jdk15on-%{shortver} %define classname org.bouncycastle.jce.provider.BouncyCastleProvider Name: bouncycastle ++++++ bcprov-jdk15on-1.59.pom -> bcprov-jdk15on-1.60.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcprov-jdk15on-1.59.pom 2018-06-22 13:13:34.679054266 +0200 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new/bcprov-jdk15on-1.60.pom 2018-07-28 12:37:14.764062017 +0200 
@@ -5,7 +5,7 @@ <artifactId>bcprov-jdk15on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle Provider</name> - <version>1.59</version> + <version>1.60</version> <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.</description> <url>http://www.bouncycastle.org/java.html</url> <licenses> ++++++ bcprov-jdk15on-159.tar.gz -> bcprov-jdk15on-160.tar.gz ++++++ /work/SRC/openSUSE:Factory/bouncycastle/bcprov-jdk15on-159.tar.gz /work/SRC/openSUSE:Factory/.bouncycastle.new/bcprov-jdk15on-160.tar.gz differ: char 5, line 1
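Review bot: in the new 1.60 entry of bouncycastle.changes, the CVE-2018-1000613 line reads "Externally-ControlledInput", with the space missing; it should read "Externally-Controlled Input to Select Classes or Code". Unlike the CVE-2016 entries added further down, this line gives only the weakness title and does not say what was fixed, so a short "Fix ..." phrase naming the affected functionality would make the entry usable without following the release notes link.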
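Review bot: in the second bouncycastle.changes hunk, the CVE-2016-1000343 line says "Fix week default settings for private DSA key pair generation"; "week" should be "weak". In the same hunk, the CVE-2016-1000344 and CVE-2016-1000352 lines record that DHIES and ECIES are removed from the provider, which changes what the provider offers to callers rather than fixing it in place; consider marking those two lines as removals so maintainers of dependent packages notice them when scanning the changelog.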
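Review bot: in bouncycastle.spec, "%define ver" and "%define shortver" are bumped by hand as two separate values (1.60 and 160), and archivever is built from shortver. If one is updated without the other, the package version and the archive name disagree. Consider deriving shortver from ver so that a version update is a single edit.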
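Review bot: for the bcprov-jdk15on-159.tar.gz -> bcprov-jdk15on-160.tar.gz replacement, the diff can only report that the archives differ ("differ: char 5, line 1"), and the New file list contains just bcprov-jdk15on-1.60.pom and bcprov-jdk15on-160.tar.gz, with no signature or checksum file alongside. Since this is a security update of a cryptography library, consider adding a detached signature or a recorded digest for the archive to the package sources, if upstream publishes one, so the 1.60 tarball can be verified at review and build time.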
