  * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
    signature on verification (boo#1095722).
  * CVE-2016-1000339: Fix AESEngine key information leak via lookup           
    table accesses (boo#1095853).                                             
  * CVE-2016-1000340: Fix carry propagation bugs in the                       
    implementation of squaring for several raw math classes                   
    (boo#1095854).                                                            
  * CVE-2016-1000341: Fix DSA signature generation vulnerability to           
    timing attack (boo#1095852).                                              
  * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of           
    signature on verification (boo#1095850).                                  
  * CVE-2016-1000343: Fix weak default settings for private DSA key
    pair generation (boo#1095849).
  * CVE-2016-1000344: Remove DHIES from the provider to disable the           
    unsafe usage of ECB mode (boo#1096026).                                   
  * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle                 
    attack (boo#1096025).                                                     
  * CVE-2016-1000346: Fix other party DH public key validation                
    (boo#1096024).                                                            
  * CVE-2016-1000352: Remove ECIES from the provider to disable the           
    unsafe usage of ECB mode (boo#1096022).

OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=41
Tomáš Chvátal 2018-07-19 10:29:31 +00:00 committed by Git OBS Bridge
parent 3732846574
commit 090feffdfa


@ -12,6 +12,27 @@ Mon Jun 11 12:32:43 UTC 2018 - abergmann@suse.com
- Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697).
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
* Release notes:
http://www.bouncycastle.org/releasenotes.html
- Removed patch:
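Review bot: "week default settings" in the added CVE-2016-1000343 entry is a typo for "weak default settings"; please correct it so the changelog reads correctly and can be found by search. The added entries for CVE-2016-1000344 ("Remove DHIES from the provider") and CVE-2016-1000345 ("Fix DHIES/ECIES CBC mode padding oracle attack") read as contradictory side by side, and the same holds for ECIES in CVE-2016-1000352; consider rewording the removal entries to state exactly what was removed from the provider. The new lines are also appended to the existing entry dated Mon Jun 11 12:32:43 UTC 2018 rather than to a new entry, so the changelog does not show when the CVE references were added.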