Debian Security Advisory
DSA-3829-1 bouncycastle -- security update
- Date Reported:
- 11 Apr 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-6644.
- More information:
Quan Nguyen discovered that a missing boundary check in the Galois/Counter mode implementation of Bouncy Castle (a Java implementation of cryptographic algorithms) may result in information disclosure.
For the stable distribution (jessie), this problem has been fixed in version 1.49+dfsg-3+deb8u2.
For the upcoming stable distribution (stretch), this problem has been fixed in version 1.54-1.
For the unstable distribution (sid), this problem has been fixed in version 1.54-1.
We recommend that you upgrade your bouncycastle packages.