Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2189

Update to bouncycastle at least 1.59 in puppetserver

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Critical
          • Resolution: Done
          • Affects Version/s: None
          • Fix Version/s: SERVER 6.6.0
          • Component/s: security
          • Labels:
          • QA Risk Assessment:
            Needs Assessment

            Description

            The master branch of puppetserver is pulling in bouncycastle through https://github.com/puppetlabs/jvm-ssl-utils. The version of bouncycastle should be updated to at least version 1.59 to address CVE-2017-13098 (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-13098)

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    morgan Morgan Rhodes
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    5 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Zendesk Support