Path: csiph.com!news.mixmin.net!eternal-september.org!feeder.eternal-september.org!aioe.org!bofh.it!news.nic.it!robomod From: Markus Koschany Newsgroups: linux.debian.maint.java Subject: Re: Bug: #802671 CVE-2015-7940 bouncycastle: ECC private keys can be recovered via invalid curve attack Date: Sun, 13 Dec 2015 23:00:02 +0100 Message-ID: References: X-Original-To: team@security.debian.org X-Mailbox-Line: From debian-java-request@lists.debian.org Sun Dec 13 21:57:24 2015 Old-Return-Path: X-Amavis-Spam-Status: No, score=-11.353 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no X-Policyd-Weight: using cached result; rate:hard: -5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.4.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="23hDkKn3TpIpL5R8e5sx6Nim0Goq47ASQ" X-Sa-Exim-Scanned: No (on richard.fcube.de); SAEximRunCond expanded to false X-Mailing-List: archive/latest/18990 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/566DE9B4.3010307@debian.org Approved: robomod@news.nic.it Lines: 50 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: debian-java@lists.debian.org, Raphael Hertzog X-Original-Date: Sun, 13 Dec 2015 22:57:08 +0100 X-Original-Message-ID: <566DE9B4.3010307@debian.org> X-Original-References: <566B09ED.9080006@gambaru.de> <20454835.fnDXSGqeG0@box> Xref: csiph.com linux.debian.maint.java:8671 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --23hDkKn3TpIpL5R8e5sx6Nim0Goq47ASQ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Am 13.12.2015 um 21:37 schrieb Luciano Bello: [...] > They look good. Just make sure you use the version+debXuY format for th= e > wheezy version too (in this case 1.44+dfsg-3.1+deb7u1, iinm). >=20 > Dont forget to use -sa since is the first build for security. >=20 >=20 > Feel free to upload them after fixing this. Done. Regards, Markus --23hDkKn3TpIpL5R8e5sx6Nim0Goq47ASQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJWbem1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkZzUP/0fbLZ1gQorT3i/WPC5KoCK9 Cp07UJSWCEgKqNxYakh5l1KzjKxNwkiviZj1R6yS6D51rifFFOE//33STLxXBejJ 9wxYHqXV7yXmZUbRFjtoDYkSdytSn3P62ul8iGH2j3sEt8puM6aTlLEUiyqTYAY5 IgEswI70cR5eUNPGeZTlXAyW+zvO52qWgJsFdHZPby4QwI6oGsgp32Nfvx5j0zqf zbEtM2oLir70hysmNH5h6w+oC7J9613Wut25vMJ16CgsIBlFfl8SDb/iOuxhrMmI 2B4uTMDKBla0WLtIXv82yYwjlhJ6HtIcmPkfgfoPhq2sU+rxb4csyFLxnS5/TzLP u3cQpTlg14tvzw92jR74Q0nj8p4TFZ/68YORYfsWxKz+WYeIYbOG9Io34cTXQ3au tV+MQr4i4lRl3nnVM6HHYNhGmJImxxRk5sdI8DNQVkq3FcmoBi0dHMLqnN3cN1zJ jAJVhR+q2tjfwVAF7Y5fnVSPtpNf8lljstwFckZwO9zdIa7Z7UstttfSRViSGOAd vDR4mwIzcagdXlsIcJM6bCeTKgNQcegQ3hCwSE2clyjEF/bS2SQ5JdGcLqxAUCBM /dywzdh42O/drFVWk2xSHbzZdR9rEOPSo5Ouzf+aqKgryWl/xw+BGNKeGNBOk7PG tEpAgc6Yr6T2oyKlILZw =uJfX -----END PGP SIGNATURE----- --23hDkKn3TpIpL5R8e5sx6Nim0Goq47ASQ--