-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2433-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 05, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : bouncycastle Version : 1.56-1+deb9u3 CVE ID : CVE-2020-26939 It was discovered that there was an issue in the bouncycastle crypto library where attackers could obtain sensitive information due to observable differences in its response to invalid input. For Debian 9 "Stretch", this problem has been fixed in version 1.56-1+deb9u3. We recommend that you upgrade your bouncycastle packages. For the detailed security status of bouncycastle please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bouncycastle Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+j2bQACgkQHpU+J9Qx Hli+eBAAj1TtRNOqv6e3OVpi60MeXpsXYB1lPVd1ciPYjruq5mIbQbLCFK30T747 +beP5PKgsPELjXOQvwzgfjj11x7C+gAL0jlkWDibxHynLDVkwuXRZlbyZl09iI6q NtJvQdpWulaC5KxQSwW6T6bbhDB3kqHIEtGwXrmRKP5SW92azvzXA/sqiPrZHCHX Nqc/3QQ22m6rr9bUKRhNv3OBM/YLtQCfXMpBkct+a2vundCIxTDMp26xdPWrWYFK W0KkQR0qU8StBu3HKV3gpv4WtFUACGMWzkMyoRKOcFBFb3ynxf2zGTzCBBwb77or /R2FE1d/6LpMfIrBY1R1B/tkzbhjM+DkeUfA98fXII6TIWplG+f6oKixqIr9soQ4 lYExr4llnZ+DifzPq5+/ksBarbFnKWuhmbrR65x3mJX1MBj2IM8K0cbCDcDF0Du0 hmbB8OYoC4DUxEvGCJ1SF5qzb+5BpmWm84fRboPAdNZHKhSpYJQ4OsG8V/Mmf+uu Xpr56x99ffYr6AavR2riOUl8sNkQ6RswW2aTz4EK0NN/tjA9muyi4xHQUpBuB0jO 9oFmY3XoYPJhFKDnFAg2XMWKrzgmrr9dfcotuU76bY45Z1j64zGFD4GKP29ZrcbW XI7FmWRTV1XdMFUPuoPd7cwzHOr5SYzJk4LtAwCVVkpc8BGOir8= =wAZE -----END PGP SIGNATURE-----
