- Version update to 1.59:

* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of signature on verification (boo#1095722). * CVE-2016-1000339: Fix AESEngine key information leak via lookup table accesses (boo#1095853). * CVE-2016-1000340: Fix carry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854). * CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852). * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of signature on verification (boo#1095850). * CVE-2016-1000343: Fix week default settings for private DSA key pair generation (boo#1095849). * CVE-2016-1000344: Remove DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026). * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle attack (boo#1096025). * CVE-2016-1000346: Fix other party DH public key validation (boo#1096024). * CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022). - bumb target to 1.6 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=42
2018-07-19 10:30:58 +00:00 · 2018-07-19 10:30:58 +00:00 · 8251734ae4
commit 8251734ae4
parent 090feffdfa
1 changed files with 23 additions and 23 deletions
--- a/bouncycastle.changes
+++ b/bouncycastle.changes
@ -9,30 +9,30 @@ Thu Jul 19 10:24:12 UTC 2018 - tchvatal@suse.com
 -------------------------------------------------------------------
 Mon Jun 11 12:32:43 UTC 2018 - abergmann@suse.com
- Version update to 1.59: 
+- Version update to 1.59:
  * CVE-2017-13098: Fix against Bleichenbacher oracle when not
    using the lightweight APIs (boo#1072697).
-  * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of             
+  * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
-    signature on verification (boo#1095722).                                  
+    signature on verification (boo#1095722).
-  * CVE-2016-1000339: Fix AESEngine key information leak via lookup           
+  * CVE-2016-1000339: Fix AESEngine key information leak via lookup
-    table accesses (boo#1095853).                                             
+    table accesses (boo#1095853).
-  * CVE-2016-1000340: Fix carry propagation bugs in the                       
+  * CVE-2016-1000340: Fix carry propagation bugs in the
-    implementation of squaring for several raw math classes                   
+    implementation of squaring for several raw math classes
-    (boo#1095854).                                                            
+    (boo#1095854).
-  * CVE-2016-1000341: Fix DSA signature generation vulnerability to           
+  * CVE-2016-1000341: Fix DSA signature generation vulnerability to
-    timing attack (boo#1095852).                                              
+    timing attack (boo#1095852).
-  * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of           
+  * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
-    signature on verification (boo#1095850).                                  
+    signature on verification (boo#1095850).
-  * CVE-2016-1000343: Fix week default settings for private DSA key           
+  * CVE-2016-1000343: Fix week default settings for private DSA key
-    pair generation (boo#1095849).                                            
+    pair generation (boo#1095849).
-  * CVE-2016-1000344: Remove DHIES from the provider to disable the           
+  * CVE-2016-1000344: Remove DHIES from the provider to disable the
-    unsafe usage of ECB mode (boo#1096026).                                   
+    unsafe usage of ECB mode (boo#1096026).
-  * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle                 
+  * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
-    attack (boo#1096025).                                                     
+    attack (boo#1096025).
-  * CVE-2016-1000346: Fix other party DH public key validation                
+  * CVE-2016-1000346: Fix other party DH public key validation
-    (boo#1096024).                                                            
+    (boo#1096024).
-  * CVE-2016-1000352: Remove ECIES from the provider to disable the           
+  * CVE-2016-1000352: Remove ECIES from the provider to disable the
-    unsafe usage of ECB mode (boo#1096022). 
+    unsafe usage of ECB mode (boo#1096022).
  * Release notes:
    http://www.bouncycastle.org/releasenotes.html
 - Removed patch:
@ -124,7 +124,7 @@ Wed Aug 28 08:25:18 UTC 2013 - mvyskocil@suse.com
 -------------------------------------------------------------------
 Fri May 18 12:39:28 UTC 2012 - mvyskocil@suse.cz
- bumb target to 1.6 
+- bumb target to 1.6
 -------------------------------------------------------------------
 Mon Jan 16 14:19:33 UTC 2012 - mvyskocil@suse.cz