Bug#884241: bouncycastle: CVE-2017-13098

2017-12-17 Thread Markus Koschany
Control: owner -1 ! I'm working on a fix right now. Markus signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for

Bug#884241: bouncycastle: CVE-2017-13098

2017-12-12 Thread Salvatore Bonaccorso
Source: bouncycastle Version: 1.57-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for bouncycastle. CVE-2017-13098[0]: | Information leak by distinguish valid and invalid RSA PKCS #1 v1.5 | paddings based on different server responses. If you fix