Bug#1134343: bouncycastle: CVE-2026-0636
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 18 20:39:37 BST 2026
Source: bouncycastle
Version: 1.80-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for bouncycastle.
CVE-2026-0636[0]:
| Improper neutralization of special elements used in an LDAP query
| ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc.
| BC-JAVA bcprov on all (prov modules). This vulnerability is
| associated with program files LDAPStoreHelper. This issue affects
| BC-JAVA: from 1.74 before 1.84.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-0636
https://www.cve.org/CVERecord?id=CVE-2026-0636
[1] https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636
[2] https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list