python-cryptography 38.0.4-4ubuntu0.23.10.2 source package in Ubuntu
Changelog
python-cryptography (38.0.4-4ubuntu0.23.10.2) mantic-security; urgency=medium
* SECURITY UPDATE: exposure of confidential data
- debian/patches/CVE-2023-50782.patch: update bindings in
src/_cffi_src/openssl/rsa.py to be compatible with new openssl version
3.0.10-1ubuntu2.3, which fixes the issue by changing PKCS#1 v1.5 RSA to
return random output instead of an exception when detecting wrong padding
- CVE-2023-50782
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-26130.patch: null check before dereference
- CVE-2024-26130
-- Jorge Sancho Larraz <email address hidden> Tue, 27 Feb 2024 11:36:15 +0100
Upload details
- Uploaded by:
- Jorge Sancho Larraz
- Uploaded to:
- Mantic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | updates | main | misc | |
| Mantic | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-cryptography_38.0.4.orig.tar.gz | 585.7 KiB | 175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290 |
| python-cryptography_38.0.4.orig.tar.gz.asc | 488 bytes | 09ddc5bab3140faba2fe03980b6d167d2ff1980ed55d0fa8399caa7a42d765ff |
| python-cryptography_38.0.4-4ubuntu0.23.10.2.debian.tar.xz | 25.4 KiB | 01815dbc66a5d4efed19e79caec1716c54b51ecfb93fab248e3e44c09d5d27df |
| python-cryptography_38.0.4-4ubuntu0.23.10.2.dsc | 3.7 KiB | f0cf99456a7e21fe087175ed9a532b793df77c6f6a100d48038180b469dfef67 |
Available diffs
Binary packages built by this source
- python-cryptography-doc: Python library exposing cryptographic recipes and primitives (documentation)
The cryptography library is designed to be a "one-stop-shop" for
all your cryptographic needs in Python.
.
As an alternative to the libraries that came before it, cryptography
tries to address some of the issues with those libraries:
- Lack of PyPy and Python 3 support.
- Lack of maintenance.
- Use of poor implementations of algorithms (i.e. ones with known
side-channel attacks).
- Lack of high level, "Cryptography for humans", APIs.
- Absence of algorithms such as AES-GCM.
- Poor introspectability, and thus poor testability.
- Extremely error prone APIs, and bad defaults.
.
This package contains the documentation for cryptography.
- python3-cryptography: Python library exposing cryptographic recipes and primitives (Python 3)
The cryptography library is designed to be a "one-stop-shop" for
all your cryptographic needs in Python.
.
As an alternative to the libraries that came before it, cryptography
tries to address some of the issues with those libraries:
- Lack of PyPy and Python 3 support.
- Lack of maintenance.
- Use of poor implementations of algorithms (i.e. ones with known
side-channel attacks).
- Lack of high level, "Cryptography for humans", APIs.
- Absence of algorithms such as AES-GCM.
- Poor introspectability, and thus poor testability.
- Extremely error prone APIs, and bad defaults.
.
This package contains the Python 3 version of cryptography.
- python3-cryptography-dbgsym: debug symbols for python3-cryptography
