UbuntuUpdates.org

Package "python3-cryptography"

Name: python3-cryptography

Description:

Python library exposing cryptographic recipes and primitives (Python 3)

Latest version: 1.2.3-1ubuntu0.3
Release: xenial (16.04)
Level: security
Repository: main
Head package: python-cryptography
Homepage: https://cryptography.io/

Links


Download "python3-cryptography"


Other versions of "python3-cryptography" in Xenial

Repository Area Version
base main 1.2.3-1
updates main 1.2.3-1ubuntu0.3

Changelog

Version: 1.2.3-1ubuntu0.3 2020-11-03 15:07:09 UTC

  python-cryptography (1.2.3-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Bleichenbacher timing oracle attack
    - debian/patches/CVE-2020-25659.patch: Attempt to mitigate
      Bleichenbacher attacks on RSA decryption docs/spelling_wordlist.txt,
      src/cryptography/hazmat/backends/openssl/rsa.py.
    - CVE-2020-25659

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Oct 2020 11:55:13 -0300

Source diff to previous version
CVE-2020-25659 bleichenbacher timing oracle attack against RSA decryption

Version: 1.2.3-1ubuntu0.2 2018-11-08 15:07:03 UTC

  python-cryptography (1.2.3-1ubuntu0.2) xenial-security; urgency=medium

  * debian/patches/add_x509_up_ref.patch: add X509_up_ref function for
    pyopenssl security update.

 -- Marc Deslauriers <email address hidden> Thu, 18 Oct 2018 07:18:59 -0400

Source diff to previous version

Version: 1.2.3-1ubuntu0.1 2016-11-28 20:07:04 UTC

  python-cryptography (1.2.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: HKDF might return an empty byte-string
    - debian/patches/CVE-2016-9243.patch: fix short length handling in
      src/cryptography/hazmat/primitives/kdf/hkdf.py, added test to
      tests/hazmat/primitives/test_hkdf.py.
    - CVE-2016-9243

 -- Marc Deslauriers <email address hidden> Thu, 17 Nov 2016 10:20:34 -0500

CVE-2016-9243 HKDF might return an empty byte-string



About   -   Send Feedback to @ubuntu_updates