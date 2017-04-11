-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



- -------------------------------------------------------------------------

Debian Security Advisory DSA-3829-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

April 11, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------



Package : bouncycastle

CVE ID : CVE-2015-6644



Quan Nguyen discovered that a missing boundary check in the

Galois/Counter mode implementation of Bouncy Castle (a Java

implementation of cryptographic algorithms) may result in information

disclosure.



For the stable distribution (jessie), this problem has been fixed in

version 1.49+dfsg-3+deb8u2.



For the upcoming stable distribution (stretch), this problem has been

fixed in version 1.54-1.



For the unstable distribution (sid), this problem has been fixed in

version 1.54-1.



We recommend that you upgrade your bouncycastle packages.



-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljtQBMACgkQEMKTtsN8

TjbtAhAAr0BB7KLMM3KmphxUlXmGJDCr7s3rs831xuMHDxs1hzm0ykIJg/wHp/dc

LngUdeY/qlESw0YUI687LrIi1WyIbNWFSZrAVHtI4Wdflo3GR7gTi2DrcqMCUDW1

qXPpT2++lbvyiqgJsinPaw7s8IJ3YihUp/rBcJTeXQvD5zs/mjB8cEDh38jDHXeM

DdFQbVrn04Sp1Q0qjGDMEw6UtpghRxrOOvWXPUx7YsD1jGAQ2ZY6CmtEiEKhbEq5

M3G3E3FN0/vAq+ViqrO5TEKSFCNuqUxQGdy+pVB/fggIDgxg5jWSMokODKJa/HoD

GYn1PNUF45UXHC0KCYpEbEwOZ/YSI61cHa/nOuIzPtY+AtrbDqxFHLX1SOdeGvvH

+YiZRbKCY4dRXetUQpDwzaBxmRml99i6/Tsjlp2LMYeCjMgNDNmTcy0yrPg9Wy+0

zAwm+vvlFfuvVSY4d5RI85JhWd+iKjGJGmpbPF0gNldi706PMR3juPi+3aGCe3LT

Go9pev5aZMhbRQSSrTNe1p7iKFjsUbF7TaKMZ/cxOsL2n/tdyqTEYZP37Ve8pwuB

taTcQS+MwlyQFpMBJbPpJfCeB+Bc97jZCZIDiJdkm+Fi8mhIW7uANxNChz+1BHb5

1hGvGE6IXTMd54kgGzMhUG9LFH8WlYlqDeKGNZfSulyrIxHZ2vU=

=RACT

-----END PGP SIGNATURE-----

