Changelog for
bouncycastle-1.60-65.134.noarch.rpm :
* Thu Jul 19 2018 tchvatalAATTsuse.com- Version update to 1.60 bsc#1100694:
* CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
* CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API [bsc#1096291]
* Release notes: http://www.bouncycastle.org/releasenotes.html
* Mon Jun 11 2018 abergmannAATTsuse.com- Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697).
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation (boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022).
* Release notes: http://www.bouncycastle.org/releasenotes.html- Removed patch:
* ambiguous-reseed.patch
* Tue May 15 2018 fstrbaAATTsuse.com- Build with source and target 8 to prepare for a possible removal of 1.6 compatibility
* Fri Sep 15 2017 fstrbaAATTsuse.com- Version update to 1.58- Added patch:
* ambiguous-reseed.patch + Upstream fix for an ambiguous overload
* Thu Sep 07 2017 fstrbaAATTsuse.com- Set java source and target to 1.6 to allow building with jdk9
* Fri May 19 2017 pcervinkaAATTsuse.com- New build dependency: javapackages-local- Fixed requires- Spec file cleaned
* Sat Feb 20 2016 tchvatalAATTsuse.com- Version update to 1.54:
* No obvious changelog to be found
* Fixes bnc#967521 CVE-2015-7575
* Fri Oct 23 2015 tchvatalAATTsuse.com- Version update to 1.53 (latest upstream)
* No obvious changelog
* Fixes bnc#951727 CVE-2015-7940
* Wed Mar 18 2015 tchvatalAATTsuse.com- Fix build with new javapackages-tools
* Fri Feb 20 2015 tchvatalAATTsuse.com- Disable tests on obs as they hang
* Tue Feb 10 2015 tchvatalAATTsuse.com- Version bump to 1.50 to match Fedora- Cleanup with spec-cleaner