-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3829-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 11, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bouncycastle CVE ID : CVE-2015-6644 Quan Nguyen discovered that a missing boundary check in the Galois/Counter mode implementation of Bouncy Castle (a Java implementation of cryptographic algorithms) may result in information disclosure. For the stable distribution (jessie), this problem has been fixed in version 1.49+dfsg-3+deb8u2. For the upcoming stable distribution (stretch), this problem has been fixed in version 1.54-1. For the unstable distribution (sid), this problem has been fixed in version 1.54-1. We recommend that you upgrade your bouncycastle packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljtQBMACgkQEMKTtsN8 TjbtAhAAr0BB7KLMM3KmphxUlXmGJDCr7s3rs831xuMHDxs1hzm0ykIJg/wHp/dc LngUdeY/qlESw0YUI687LrIi1WyIbNWFSZrAVHtI4Wdflo3GR7gTi2DrcqMCUDW1 qXPpT2++lbvyiqgJsinPaw7s8IJ3YihUp/rBcJTeXQvD5zs/mjB8cEDh38jDHXeM DdFQbVrn04Sp1Q0qjGDMEw6UtpghRxrOOvWXPUx7YsD1jGAQ2ZY6CmtEiEKhbEq5 M3G3E3FN0/vAq+ViqrO5TEKSFCNuqUxQGdy+pVB/fggIDgxg5jWSMokODKJa/HoD GYn1PNUF45UXHC0KCYpEbEwOZ/YSI61cHa/nOuIzPtY+AtrbDqxFHLX1SOdeGvvH +YiZRbKCY4dRXetUQpDwzaBxmRml99i6/Tsjlp2LMYeCjMgNDNmTcy0yrPg9Wy+0 zAwm+vvlFfuvVSY4d5RI85JhWd+iKjGJGmpbPF0gNldi706PMR3juPi+3aGCe3LT Go9pev5aZMhbRQSSrTNe1p7iKFjsUbF7TaKMZ/cxOsL2n/tdyqTEYZP37Ve8pwuB taTcQS+MwlyQFpMBJbPpJfCeB+Bc97jZCZIDiJdkm+Fi8mhIW7uANxNChz+1BHb5 1hGvGE6IXTMd54kgGzMhUG9LFH8WlYlqDeKGNZfSulyrIxHZ2vU= =RACT -----END PGP SIGNATURE-----