jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-437) jclouds-karaf depends on bouncycastle version affected by vulnerability CVE-2013-1624
Date Thu, 30 Jan 2014 02:15:09 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886186#comment-13886186
] 

ASF subversion and git services commented on JCLOUDS-437:
---------------------------------------------------------

Commit d73f1885d7f38b7f1d9fa69022d053c2b0899289 in branch refs/heads/1.6.x from [~janstey]
[ https://git-wip-us.apache.org/repos/asf?p=jclouds-karaf.git;h=d73f188 ]

JCLOUDS-437 - upgrade to bouncycastle 1.49 to fix CVE-2013-1624


> jclouds-karaf depends on bouncycastle version affected by vulnerability CVE-2013-1624
> -------------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-437
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-437
>             Project: jclouds
>          Issue Type: Improvement
>    Affects Versions: 1.7.0, 1.6.3, 1.8.0
>            Reporter: Jonathan Anstey
>            Assignee: Andrew Phillips
>             Fix For: 1.8.0
>
>         Attachments: JCLOUDS-437.patch
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1624 is fixed in bouncy castle 1.48
and newer. Bouncycastle should be upgraded for the next jclouds-karaf release to fix this
vulnerability.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message