Changelog

python-cryptography (3.3.2-1~20.04.sav4) focal; urgency=high

  * SECURITY UPDATE: exposure of confidential data
    - debian/patches/CVE-2023-50782.patch: update bindings in
      src/_cffi_src/openssl/rsa.py to be compatible with new openssl version
      1.1.1w-0ubuntu1~XX.04.sav2 (where XX is 16, 18, or 20), which fixes the
      issue by changing PKCS#1 v1.5 RSA to return random output instead of an
      exception when detecting wrong padding
    - CVE-2023-50782
  [ patch thanks to Jorge Sancho Larraz <email address hidden> ]

 -- Rob Savoury <email address hidden>  Mon, 04 Mar 2024 12:36:48 -0800
