diff --git a/bcprov-jdk15on-1.59.pom b/bcprov-jdk15on-1.60.pom
similarity index 97%
rename from bcprov-jdk15on-1.59.pom
rename to bcprov-jdk15on-1.60.pom
index 880255d..685d22f 100644
--- a/bcprov-jdk15on-1.59.pom
+++ b/bcprov-jdk15on-1.60.pom
@@ -5,7 +5,7 @@
bcprov-jdk15on
jar
Bouncy Castle Provider
- 1.59
+ 1.60
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
http://www.bouncycastle.org/java.html
diff --git a/bcprov-jdk15on-159.tar.gz b/bcprov-jdk15on-159.tar.gz
deleted file mode 100644
index ada8dfe..0000000
--- a/bcprov-jdk15on-159.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1277950662009c57575ad11f696a2824e6c8866f8f1331dd9b7b180b8697c91a
-size 9065780
diff --git a/bcprov-jdk15on-160.tar.gz b/bcprov-jdk15on-160.tar.gz
new file mode 100644
index 0000000..9545507
--- /dev/null
+++ b/bcprov-jdk15on-160.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:92c042beb96bffec0890778ab036ac14d16f35da2ef21eaef8d8d23f340ee686
+size 9207686
diff --git a/bouncycastle.changes b/bouncycastle.changes
index b9326f1..11f233e 100644
--- a/bouncycastle.changes
+++ b/bouncycastle.changes
@@ -1,9 +1,38 @@
+-------------------------------------------------------------------
+Thu Jul 19 10:24:12 UTC 2018 - tchvatal@suse.com
+
+- Version update to 1.60 bsc#1100694:
+ * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
+ * Release notes:
+ http://www.bouncycastle.org/releasenotes.html
+
-------------------------------------------------------------------
Mon Jun 11 12:32:43 UTC 2018 - abergmann@suse.com
-- Version update to 1.59:
+- Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697).
+ * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
+ signature on verification (boo#1095722).
+ * CVE-2016-1000339: Fix AESEngine key information leak via lookup
+ table accesses (boo#1095853).
+ * CVE-2016-1000340: Fix carry propagation bugs in the
+ implementation of squaring for several raw math classes
+ (boo#1095854).
+ * CVE-2016-1000341: Fix DSA signature generation vulnerability to
+ timing attack (boo#1095852).
+ * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
+ signature on verification (boo#1095850).
+ * CVE-2016-1000343: Fix week default settings for private DSA key
+ pair generation (boo#1095849).
+ * CVE-2016-1000344: Remove DHIES from the provider to disable the
+ unsafe usage of ECB mode (boo#1096026).
+ * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
+ attack (boo#1096025).
+ * CVE-2016-1000346: Fix other party DH public key validation
+ (boo#1096024).
+ * CVE-2016-1000352: Remove ECIES from the provider to disable the
+ unsafe usage of ECB mode (boo#1096022).
* Release notes:
http://www.bouncycastle.org/releasenotes.html
- Removed patch:
@@ -95,7 +124,7 @@ Wed Aug 28 08:25:18 UTC 2013 - mvyskocil@suse.com
-------------------------------------------------------------------
Fri May 18 12:39:28 UTC 2012 - mvyskocil@suse.cz
-- bumb target to 1.6
+- bumb target to 1.6
-------------------------------------------------------------------
Mon Jan 16 14:19:33 UTC 2012 - mvyskocil@suse.cz
diff --git a/bouncycastle.spec b/bouncycastle.spec
index 1afd313..30ec4c1 100644
--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@@ -16,8 +16,8 @@
#
-%define ver 1.59
-%define shortver 159
+%define ver 1.60
+%define shortver 160
%define archivever jdk15on-%{shortver}
%define classname org.bouncycastle.jce.provider.BouncyCastleProvider
Name: bouncycastle