CVE 2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- MLIST: [oss-security] 2016110...
- CONFIRM: https://cryptography.i...
- CONFIRM: https://github.com/pyc...
- CONFIRM: https://github.com/pyc...
- FEDORA: FEDORA-2016-2d90e27e50
- FEDORA: FEDORA-2016-d3a2b640ce
- FEDORA: FEDORA-2016-e77c8c1f3b
- BID: 94216
- UBUNTU: USN-3138-1
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)