MySQL Bugs: #107710: MySql.Data uses BouncyCastle 1.8.5 which has a Security Advisory

Bug #107710	MySql.Data uses BouncyCastle 1.8.5 which has a Security Advisory
Submitted:	29 Jun 2022 20:42	Modified:	30 Jun 2022 5:13
Reporter:	Jonathan Reis	Email Updates:
Status:	Duplicate	Impact on me:	None
Category:	Connector / NET	Severity:	S3 (Non-critical)
Version:	v8.0.29	OS:	Windows
Assigned to:		CPU Architecture:	Any
Tags:	BouncyCastle Security Issue Fixed in v1.8.7

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
Release Notes for 1.8.7
Security Advisory

CVE-2020-15522: addition of blinding to address observable timing issue with Deterministic ECDSA signatures.

v1.9.0 has been out since 17th October 2021 can it be updated to a version without the Security Advisory?

How to repeat:
na

Suggested fix:
Update to latest BouncyCastle

It looks like the proper package to use now is: https://www.nuget.org/packages/Portable.BouncyCastle/

Hello Jonathan Reis,

Thank you for the report and feedback.
Imho this is duplicate of Bug #106370, please see Bug #106370

regards,
Umesh