Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update dependency org.bouncycastle:bcpkix-jdk18on to v1.78 [SECURITY] #1551

Merged
merged 1 commit into from
May 15, 2024
Merged

Update dependency org.bouncycastle:bcpkix-jdk18on to v1.78 [SECURITY] #1551

merged 1 commit into from
May 15, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 14, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.bouncycastle:bcpkix-jdk18on (source) 1.77 -> 1.78 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label May 14, 2024
@renovate renovate bot force-pushed the renovate/maven-org.bouncycastle-bcpkix-jdk18on-vulnerability branch from 81a6202 to a20b8c9 Compare May 15, 2024 16:57
@basil basil enabled auto-merge (squash) May 15, 2024 16:57
@basil basil merged commit 018880a into master May 15, 2024
25 of 26 checks passed
@basil basil deleted the renovate/maven-org.bouncycastle-bcpkix-jdk18on-vulnerability branch May 15, 2024 17:29
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@basil