Update Bouncy Castle

[Neustradamus]

Please update Bouncy Castle

• https://www.bouncycastle.org/
• https://www.bouncycastle.org/releasenotes.html
• http://www.bouncycastle.org/latest_releases.html
• https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncy%20castle
• https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncycastle
• https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html

[J-Jamet]

Version 1.68 of org.bouncycastle:bcprov-jdk15on requires JDK 15 which can pose other problems (It's not yet natively on a stable version of Debian).
-> Unsupported class file major version 59

I don't see security issue impacting the app with the current version 1.65.1 of org.bouncycastle:bcprov-jdk15on dated May 2020.
If I'm wrong, please highlight the specific issue concerned.

[Neustradamus]

There are CVEs solved in 1.67.

[J-Jamet]

It is not a very precise highlight ...

[Neustradamus]

-> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052

[J-Jamet]

-> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052

I saw this issue but KeePassDX does not use the method OpenBSDBCrypt.checkPassword so the application is not impacted.

[Neustradamus]

@J-Jamet: Thanks a lot!