From e39f870ab55d1b0117691554b9a1342cb0f6c6de Mon Sep 17 00:00:00 2001
From: Philip Maher <108087166+discerningdev@users.noreply.github.com>
Date: Mon, 1 Jun 2026 16:37:41 -0500
Subject: [PATCH 1/2] Improve GHSA-mx76-r943-rf8g

---
 .../05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json b/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
index 468b5c2deb5c6..cf54b4f4a7e29 100644
--- a/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
+++ b/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
@@ -1,17 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mx76-r943-rf8g",
- "modified": "2026-05-19T16:09:20Z",
+ "modified": "2026-05-19T16:09:21Z",
 "published": "2026-05-08T09:31:30Z",
 "aliases": [
 "CVE-2026-8149"
 ],
 "summary": "Bouncy Castle has a vulnerability in program files gcm128w, gcm512w",
- "details": "A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.\n\nThis vulnerability is associated with program files gcm128w, gcm512w.\n\nThis issue affects BC-FJA: from 2.1.0 through 2.1.2.",
+ "details": "A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.\n\nThis vulnerability is associated with program files gcm128w, gcm512w.\n\nThis issue affects BC-LTS: from 2.73.0 before 2.73.11",
 "severity": [
 {
- "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:M/U:Amber"
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
 }
 ],
 "affected": [
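Review bot: The replacement vector in the `severity` array, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`, sets every impact metric to None, so it evaluates to a base score of 0.0, which is outside the Low band that the `@@ -49,7 +49,7 @@` hunk assigns with `"severity": "LOW"`. It also moves the attack vector from local (`AV:L` in the removed CVSS 4.0 vector) to network, and nothing in the patch adds a reference supporting that. The new `details` text is internally inconsistent as well: its first sentence still names BC-FJA BC-FIPS while its last sentence now gives a BC-LTS range. PATCH 2/2 reverts the vector and the severity, so I would squash the two commits, or keep `"type": "CVSS_V4"` here, so that no revision of the advisory carries a zero-impact score that scanners may treat as informational.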
@@ -49,7 +49,7 @@
 "cwe_ids": [
 "CWE-1068"
 ],
- "severity": "MODERATE",
+ "severity": "LOW",
 "github_reviewed": true,
 "github_reviewed_at": "2026-05-14T13:06:27Z",
 "nvd_published_at": "2026-05-08T07:16:29Z"

From ce63f2c460c78cfae6a6c2021f4d18947af63bad Mon Sep 17 00:00:00 2001
From: Philip Maher <108087166+discerningdev@users.noreply.github.com>
Date: Mon, 1 Jun 2026 16:51:02 -0500
Subject: [PATCH 2/2] Improve GHSA-mx76-r943-rf8g

---
 .../GHSA-mx76-r943-rf8g.json | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json b/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
index cf54b4f4a7e29..ab5b1e85d5da1 100644
--- a/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
+++ b/advisories/github-reviewed/2026/05/GHSA-mx76-r943-rf8g/GHSA-mx76-r943-rf8g.json
@@ -7,32 +7,35 @@
 "CVE-2026-8149"
 ],
 "summary": "Bouncy Castle has a vulnerability in program files gcm128w, gcm512w",
- "details": "A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.\n\nThis vulnerability is associated with program files gcm128w, gcm512w.\n\nThis issue affects BC-LTS: from 2.73.0 before 2.73.11",
+ "details": "A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f.\n\nThis vulnerability is associated with program files gcm128w, gcm512w.\n\nThis issue affects BC-LTS: from 2.73.0 before 2.73.11",
 "severity": [
 {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
 }
 ],
 "affected": [
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.bouncycastle:bc-fips"
+ "name": "org.bouncycastle:bctls-lts8on"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "2.1.0"
+ "introduced": "2.73.0"
 },
 {
- "last_affected": "2.1.2"
+ "fixed": "2.73.11"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2.73.10"
+ }
 }
 ],
 "references": [
@@ -49,7 +52,7 @@
 "cwe_ids": [
 "CWE-1068"
 ],
- "severity": "LOW",
+ "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2026-05-14T13:06:27Z",
 "nvd_published_at": "2026-05-08T07:16:29Z"
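Review bot: In the `@@ -7,32 +7,35 @@` hunk the `affected` entry for `org.bouncycastle:bc-fips` (2.1.0 through 2.1.2) is overwritten rather than kept alongside the new one, so dependency scanners will stop flagging those BC-FJA versions. The contents of `references` lie outside both hunks of this patch and are not touched, so nothing here shows that BC-FJA was never affected. If the upstream record covers both product lines, keep the bc-fips entry and add the BC-LTS range as a second object in `affected`. The new coordinate `org.bouncycastle:bctls-lts8on` is the TLS module, whereas gcm128w and gcm512w look like native GCM code that would presumably ship with the provider artifact, e.g. `"name": "org.bouncycastle:bcprov-lts8on"`; this should be confirmed against the vendor advisory before merging. With `"fixed": "2.73.11"` present, the added `last_known_affected_version_range` of `<= 2.73.10` is redundant and can drift from the range events.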