Source: bouncycastle Severity: important User: debian-...@lists.debian.org Usertags: upstream-trixie X-Debbugs-Cc: debian-...@lists.debian.org
Dear bouncycastle maintainer(s), Testing (trixie) currently ships bouncycastle 1.77. Upstream released the latest version, 1.80, on January 14th 2025. While I am not aware of any release schedule and EOL policy for bouncycastle, I would say that the more recent release can be included in trixie, the better. And the easier would be to provide security updates to the users during the trixie life cycle. It is worth noting that upstream has already fixed these four (minor) security issues, with v1.78: https://security-tracker.debian.org/tracker/CVE-2024-29857, https://security-tracker.debian.org/tracker/CVE-2024-30171, https://security-tracker.debian.org/tracker/CVE-2024-30172, and https://security-tracker.debian.org/tracker/CVE-2024-34447. If you need or want help packaging this recent upstream version, please don't hesitate to speak up. Someone from the LTS team may be interested in contributing (CC'ing debian-lts). Best regards, -- Santiago, for the LTS Team.
signature.asc
Description: PGP signature
