Closed mousumis closed 1 month ago
Maven Coordinates
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpg-fips</artifactId>
    <version>1.0.7.1</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #6854
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcpg-fips@.*$</packageUrl>
    <cpe>cpe:/a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9981943724
Maven Coordinates
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpg-fips</artifactId>
    <version>1.0.7.1</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #6854
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcpg-fips@.*$</packageUrl>
    <cpe>cpe:/a:bouncycastle:bouncy_castle_for_java</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/10575736662
approved
Suppress rule has been added to the generatedSuppressions branch.
Package URL
pkg:maven/org.bouncycastle/bcpg-fips@1.0.7.1
CPE
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.0.7.1:*:*:*:*:*:*:*
CVE
CVE-2020-26939
ODC Integration
None
ODC Version
10.0.2
Description
CVE-2020-26939 is being flagged for bcpg-fips version 1.0.7.1, though documentation states that it is remediated in bc-fips v1.0.1.2. 1.0.7.1 is the latest bcpg-fips version, which should correspond to a bc-fips version higher than 1.0.1.2, which has the fix.