1
Candidate: CVE-2018-1000180
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
5
https://www.bouncycastle.org/jira/browse/BJA-694
6
https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test
8
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a
9
flaw in the Low-level interface to RSA key pair generator, specifically RSA
10
Key Pairs generated in low-level API with added certainty may have less M-R
11
tests than expected. This appears to be fixed in versions BC 1.60 beta 4
12
and later, BC-FJA 1.0.2 and later.
15
leosilva> trusty is not affected. Issue introduced in 1.54
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
24
patch: https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
25
patch: https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
26
upstream_bouncycastle: needs-triage
27
precise/esm_bouncycastle: DNE
28
trusty_bouncycastle: not-affected
29
xenial_bouncycastle: needs-triage
30
artful_bouncycastle: needs-triage
31
bionic_bouncycastle: needs-triage
32
devel_bouncycastle: needs-triage