Your message dated Sun, 24 Jun 2018 16:17:10 +0000
with message-id <e1fx7ho-0000di...@fasolo.debian.org>
and subject line Bug#900843: fixed in bouncycastle 1.56-1+deb9u2
has caused the Debian Bug report #900843,
regarding bouncycastle: CVE-2018-1000180
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
900843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bouncycastle
Version: 1.54-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://www.bouncycastle.org/jira/browse/BJA-694
Hi,
The following vulnerability was published for bouncycastle.
CVE-2018-1000180[0]:
| Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier
| have a flaw in the Low-level interface to RSA key pair generator,
| specifically RSA Key Pairs generated in low-level API with added
| certainty may have less M-R tests than expected. This appears to be
| fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1000180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
[1] https://www.bouncycastle.org/jira/browse/BJA-694
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bouncycastle
Source-Version: 1.56-1+deb9u2
We believe that the bug you reported is fixed in the latest version of
bouncycastle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 900...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated bouncycastle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Jun 2018 00:25:10 +0200
Source: bouncycastle
Binary: libbcprov-java libbcprov-java-doc libbcmail-java libbcmail-java-doc
libbcpkix-java libbcpkix-java-doc libbcpg-java libbcpg-java-doc
Architecture: source all
Version: 1.56-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libbcmail-java - Bouncy Castle generators/processors for S/MIME and CMS
libbcmail-java-doc - Bouncy Castle generators/processors for S/MIME and CMS
(Documenta
libbcpg-java - Bouncy Castle generators/processors for OpenPGP
libbcpg-java-doc - Bouncy Castle generators/processors for OpenPGP
(Documentation)
libbcpkix-java - Bouncy Castle Java API for PKIX, CMS, EAC, TSP, PKCS, OCSP,
CMP,
libbcpkix-java-doc - Bouncy Castle Java API for PKIX, CMS, EAC, TSP, PKCS...
(Document
libbcprov-java - Bouncy Castle Java Cryptographic Service Provider
libbcprov-java-doc - Bouncy Castle Java Cryptographic Service Provider
(Documentation)
Closes: 900843
Changes:
bouncycastle (1.56-1+deb9u2) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1000180. (Closes: #900843)
Checksums-Sha1:
9dd3d448f48681b4f4185c91a0940dda3d5aae75 2717 bouncycastle_1.56-1+deb9u2.dsc
dbbf5e0838df8ec09283c660f87085a41a3ffc8e 11116
bouncycastle_1.56-1+deb9u2.debian.tar.xz
375f5e273c7a1f465c6f24093f3cb92d460d8f94 13341
bouncycastle_1.56-1+deb9u2_amd64.buildinfo
e3a0c95cf01b025b34edeee3f17cc6a46ca9253b 97576
libbcmail-java-doc_1.56-1+deb9u2_all.deb
8981ac328cc8803d5315af0960108d26cbf36f84 152204
libbcmail-java_1.56-1+deb9u2_all.deb
6c702f40025f244d1b97a014a120e3948b4a6aa2 186052
libbcpg-java-doc_1.56-1+deb9u2_all.deb
3c1e54ef88003db94a7173137b3210050940c0c9 351418
libbcpg-java_1.56-1+deb9u2_all.deb
c69aef85789d5064c9ce6a9d0d80923221adb890 338980
libbcpkix-java-doc_1.56-1+deb9u2_all.deb
93448a45941e6af7a3a31598749c8a58f8e909ed 714420
libbcpkix-java_1.56-1+deb9u2_all.deb
81b10686b2a8e3d25a0080a2b40b2c3ab588ba3c 1934500
libbcprov-java-doc_1.56-1+deb9u2_all.deb
f79f4eb6eb8fad72f785ef926472649341af4d03 3636712
libbcprov-java_1.56-1+deb9u2_all.deb
Checksums-Sha256:
06d1564827028cf629d249a54e0072238f48217a7e8f174fc59b2a9aa3cf10fc 2717
bouncycastle_1.56-1+deb9u2.dsc
f54f53056e39e670926c8dedabe8833d5b205c9ca17a31b6cbd0b4810dddc4d0 11116
bouncycastle_1.56-1+deb9u2.debian.tar.xz
69cbf079e06f1ef7347caf5612b4283b1b740560d1e3f8d09d3c2c991a01c48e 13341
bouncycastle_1.56-1+deb9u2_amd64.buildinfo
9edcd2c7b26803144396941bf1e964e5bc7e708455fc5e79244aa025eaed29b5 97576
libbcmail-java-doc_1.56-1+deb9u2_all.deb
96c56d1c2ccb9c9cf0f86d34901770cd5b7cb067ced1a51f0557f80da8738132 152204
libbcmail-java_1.56-1+deb9u2_all.deb
6236810eb039380d8d09e111d9ddbe22793e6b920af4e8eb7ce529d16d6e5246 186052
libbcpg-java-doc_1.56-1+deb9u2_all.deb
1596361f9b0ccce3fdc8ae7990f74b985bb2af07dcdb8aa4ac00ca54343d4b1f 351418
libbcpg-java_1.56-1+deb9u2_all.deb
bca5c860c0efd088e33f0b11515e2017759f7a93190e8a2b93e05a9e383e062b 338980
libbcpkix-java-doc_1.56-1+deb9u2_all.deb
49e85bb11bf23da62a657f28a8874437a07599e8e657704c57381b600a80c435 714420
libbcpkix-java_1.56-1+deb9u2_all.deb
e556503f9285d7278db0dc80f34948c2d6f505f534e4159df7aab6b2b325d2ea 1934500
libbcprov-java-doc_1.56-1+deb9u2_all.deb
478823d9ccbab9b29dd711ec7603a2b8d9bf014370ae5a707ab19258ac3ae431 3636712
libbcprov-java_1.56-1+deb9u2_all.deb
Files:
fbf2308db7aec423a0f05864e76a0690 2717 java optional
bouncycastle_1.56-1+deb9u2.dsc
f72a4bb0fa4f14411bbda5d2bcbbd3bd 11116 java optional
bouncycastle_1.56-1+deb9u2.debian.tar.xz
5fdb0e5c8157497c65e0f8aab7f50f6a 13341 java optional
bouncycastle_1.56-1+deb9u2_amd64.buildinfo
bfa82b35567779ef69e0683a268ed087 97576 doc optional
libbcmail-java-doc_1.56-1+deb9u2_all.deb
631dea159d731e34ba188026bc42e99c 152204 java optional
libbcmail-java_1.56-1+deb9u2_all.deb
c6da6cace005325bfac59cc034d6d935 186052 doc optional
libbcpg-java-doc_1.56-1+deb9u2_all.deb
231cbb8f8ddd66bb9b12c81b27572b47 351418 java optional
libbcpg-java_1.56-1+deb9u2_all.deb
7e3bb1e0cc4a7d79b36ffc17de18aa9d 338980 doc optional
libbcpkix-java-doc_1.56-1+deb9u2_all.deb
8f4d2bfd5703705f76e87ac5740e9f98 714420 java optional
libbcpkix-java_1.56-1+deb9u2_all.deb
5d5220e90166cfcc0a7dd1842fcacc11 1934500 doc optional
libbcprov-java-doc_1.56-1+deb9u2_all.deb
88d8c3a8e22e2882e08b29f34f2e160a 3636712 java optional
libbcprov-java_1.56-1+deb9u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlshjLpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkY1sQAJFL5GEgUJp9LdjEmewUWvmb2dzrKADYiarK
wZ4cYkCDuVYsoKvTFG6Py4VBTIa16KK1Sy8tohYe94VpwN8C4K0dC0xSziyJ2jRH
wSBCffzAJp0Ort2bzlDzXkDQyXSqcqc/FPRBd732LEuV53z7EBIT4OffoihdHXxF
NTIgDKxE6yWLPyh1zobBmLyuI5svpgxMW/H9i8T4TGedNhvnMI+drk4zMpRLg9rk
32TgQ3z9gg3ZumqmXZU6WjvP2fgr2Rn3kKOCQzl/leb8Xc5o7nADvhRYqNoEiyee
rLJ1wu66IQGbnjjQxpgMsLqucb98fpOVEB0ClqKnrYwMJSRGYkQoZYfW5HNCJdAa
lHjfBlQlAVOi4QRg0/ry1W/4HJrrY4VjFvPd2eN7hmcX082DK50qcLPaLVmyyXVh
xpqBd2A7jbfDlgPc835bsI/2SEL9cPIOtEUGxvNCuVqcSv2UH3Rv68OHzSAEjQDI
eOFWhxCycq4xT3UPKfdqf0QTCJRJQIIgIIWitS8xbMCB9Vwg1Q1kH464w7j4KKUe
P6NK1Ei7byDe/U8OoJqKLAU52YWdnOcDqx408L44PuvhdF+0n0d+ACUksRyCS889
rGbXSbOD0qZxCdKomX7u6KOBmAAegNZpBq5X5rH3JjYm2IO64/ie55d78Tw7ALZ6
Y30tVaDf
=7jaa
-----END PGP SIGNATURE-----
--- End Message ---
