UbuntuUpdates.org

Package "python-cryptography"

Name: python-cryptography

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python library exposing cryptographic recipes and primitives (documentation)
  • Python library exposing cryptographic recipes and primitives (Python 3)
Latest version: 2.8-3ubuntu0.3
Release: focal (20.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "python-cryptography" in Focal

Repository Area Version
base main 2.8-3
base universe 2.8-3
security universe 2.8-3ubuntu0.3
security main 2.8-3ubuntu0.3
updates universe 2.8-3ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.8-3ubuntu0.3 2024-03-04 17:06:54 UTC

  python-cryptography (2.8-3ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: exposure of confidential data
    - debian/patches/CVE-2023-50782.patch: update bindings in
      src/_cffi_src/openssl/rsa.py to be compatible with new openssl version
      31.1.1f-1ubuntu2.22, which fixes the issue by changing PKCS#1 v1.5 RSA to
      return random output instead of an exception when detecting wrong padding
    - CVE-2023-50782

 -- Jorge Sancho Larraz <email address hidden> Thu, 29 Feb 2024 11:30:05 +0100
Source diff to previous version
CVE-2023-50782 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA

Version: 2.8-3ubuntu0.2 2023-12-06 18:06:52 UTC

  python-cryptography (2.8-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: corrupted output via immutable objects
    - debian/patches/CVE-2023-23931.patch: don't allow update_into to
      mutate immutable objects in tests/hazmat/primitives/test_ciphers.py,
      src/cryptography/hazmat/backends/openssl/ciphers.py.
    - CVE-2023-23931

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 15:04:00 -0500
CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` wou

Version: *DELETED* 2020-11-03 16:06:17 UTC
No changelog for deleted or moved packages.

Version: 2.8-3ubuntu0.1 2020-11-03 15:07:16 UTC

  python-cryptography (2.8-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Bleichenbacher timing oracle attack
    - debian/patches/CVE-2020-25659.patch: Attempt to mitigate
      Bleichenbacher attacks on RSA decryption docs/spelling_wordlist.txt,
      src/cryptography/hazmat/backends/openssl/rsa.py.
    - CVE-2020-25659

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Oct 2020 13:10:56 -0300
CVE-2020-25659 bleichenbacher timing oracle attack against RSA decryption


About   -   Send Feedback to @ubuntu_updates