FS#69025 - [bcprov] [Security] authentication bypass (CVE-2020-28052)
Attached to Project:
Arch Linux
Opened by Jonas Witschel (diabonas) - Friday, 18 December 2020, 14:13 GMT
Last edited by Levente Polyak (anthraxx) - Sunday, 20 December 2020, 02:40 GMT
Opened by Jonas Witschel (diabonas) - Friday, 18 December 2020, 14:13 GMT
Last edited by Levente Polyak (anthraxx) - Sunday, 20 December 2020, 02:40 GMT
|
Details
Summary
======= The package bcprov is vulnerable to authentication bypass via CVE-2020-28052. Guidance ======== Updating to the latest version 1.67 fixes the issue. References ========== https://security.archlinux.org/AVG-1372 https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/ https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219 |
This task depends upon
Closed by Levente Polyak (anthraxx)
Sunday, 20 December 2020, 02:40 GMT
Reason for closing: Fixed
Additional comments about closing: 1.67-1
Sunday, 20 December 2020, 02:40 GMT
Reason for closing: Fixed
Additional comments about closing: 1.67-1