Bug#1094311: bouncycastle: Please package new upstream version: 1.80
Santiago Ruano Rincón
santiagorr at riseup.net
Mon Jan 27 01:44:48 GMT 2025
Source: bouncycastle
Severity: important
User: debian-lts at lists.debian.org
Usertags: upstream-trixie
X-Debbugs-Cc: debian-lts at lists.debian.org
Dear bouncycastle maintainer(s),
Testing (trixie) currently ships bouncycastle 1.77. Upstream released
the latest version, 1.80, on January 14th 2025.
While I am not aware of any release schedule and EOL policy for
bouncycastle, I would say that the more recent release can be included
in trixie, the better. And the easier would be to provide security
updates to the users during the trixie life cycle. It is worth noting
that upstream has already fixed these four (minor) security issues, with
v1.78:
https://security-tracker.debian.org/tracker/CVE-2024-29857,
https://security-tracker.debian.org/tracker/CVE-2024-30171,
https://security-tracker.debian.org/tracker/CVE-2024-30172, and
https://security-tracker.debian.org/tracker/CVE-2024-34447.
If you need or want help packaging this recent upstream version, please
don't hesitate to speak up. Someone from the LTS team may be interested
in contributing (CC'ing debian-lts).
Best regards,
-- Santiago, for the LTS Team.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20250126/1ca5a352/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list