FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Several Security Defects in the Bouncy Castle Crypto APIs

Affected packages
bouncycastle15 < 1.60
0 <= puppetserver
puppetserver5 < 5.3.8
puppetserver6 < 6.2.1


VuXML ID fe93803c-883f-11e8-9f0c-001b216d295b
Discovery 2018-06-30
Entry 2018-07-15

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.


CVE Name CVE-2018-1000180
CVE Name CVE-2018-1000613