FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Several Security Defects in the Bouncy Castle Crypto APIs

Affected packages
bouncycastle15 < 1.60

Details

VuXML ID fe93803c-883f-11e8-9f0c-001b216d295b
Discovery 2018-06-30
Entry 2018-07-15

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

References

CVE Name CVE-2018-1000180
CVE Name CVE-2018-1000613
URL https://www.bouncycastle.org/latest_releases.html