This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository bouncycastle.
commit 92e4b9c3251a5600c7567250c04636d8ab8496d8
Author: Markus Koschany <a...@debian.org>
Date: Tue Jan 16 21:46:37 2018 +0100
Drop CVE-2017-13098.patch. Fixed upstream.
---
 debian/patches/CVE-2017-13098.patch | 26 --------------------------
 debian/patches/series | 1 -
 2 files changed, 27 deletions(-)
diff --git a/debian/patches/CVE-2017-13098.patch b/debian/patches/CVE-2017-13098.patch
deleted file mode 100644
index 2ec65b0..0000000
--- a/debian/patches/CVE-2017-13098.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From a00b684465b38d722ca9a3543b8af8568e6bad5c Mon Sep 17 00:00:00 2001
-From: Peter Dettman <peter.dett...@bouncycastle.org>
-Date: Tue, 12 Dec 2017 08:41:43 +0700
-Subject: [PATCH] Confirm size of decrypted PMS before using
-
----
- .../tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
-index c4ab53206..cea1df8b9 100644
---- a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
-+++ b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
-@@ -97,7 +97,11 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
- {
- Cipher c = crypto.createRSAEncryptionCipher();
- c.init(Cipher.DECRYPT_MODE, rsaServerPrivateKey);
-- M = c.doFinal(encryptedPreMasterSecret);
-+ byte[] m = c.doFinal(encryptedPreMasterSecret);
-+ if (m != null && m.length == 48)
-+ {
-+ M = m;
-+ }
- }
- catch (Exception e)
- {
diff --git a/debian/patches/series b/debian/patches/series
index a4c71d2..9a5b0b8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
 02_index.patch
 fix-encoding.patch
 backward-compatibility.patch
-CVE-2017-13098.patch
-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/bouncycastle.git
_______________________________________________
pkg-java-commits mailing list
pkg-java-comm...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits