Re: Bug: #802671 CVE-2015-7940 bouncycastle: ECC private keys can be recovered via invalid curve attack

To: team@security.debian.org
Cc: debian-java@lists.debian.org, Raphael Hertzog <hertzog@debian.org>
Subject: Re: Bug: #802671 CVE-2015-7940 bouncycastle: ECC private keys can be recovered via invalid curve attack
From: Markus Koschany <apo@debian.org>
Date: Sun, 13 Dec 2015 22:57:08 +0100
Message-id: <[🔎] 566DE9B4.3010307@debian.org>
In-reply-to: <20454835.fnDXSGqeG0@box>
References: <566B09ED.9080006@gambaru.de> <20454835.fnDXSGqeG0@box>

Am 13.12.2015 um 21:37 schrieb Luciano Bello:
[...]
> They look good. Just make sure you use the version+debXuY format for the
> wheezy version too (in this case 1.44+dfsg-3.1+deb7u1, iinm).
> 
> Dont forget to use -sa since is the first build for security.
> 
> 
> Feel free to upload them after fixing this.

Done.

Regards,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Re: plans for eclipse luna in debian
Next by Date: getting lombok into Debian
Previous by thread: Bug: #802671 CVE-2015-7940 bouncycastle: ECC private keys can be recovered via invalid curve attack
Next by thread: Re: plans for eclipse luna in debian
Index(es):
- Date
- Thread