Summary: | <dev-python/cryptography-2.2.2-r1 - GCM tag forgery via truncated tag in finalize_with_tag API | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | OzTiram <oz.tiram> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jstein, python, whissi |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/9405 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
OzTiram
2018-08-01 05:47:49 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc82ed8c77227b67d20d84d0a05cffb8be68f26d commit bc82ed8c77227b67d20d84d0a05cffb8be68f26d Author: Matthew Thode <prometheanfire@gentoo.org> AuthorDate: 2018-08-01 17:40:20 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2018-08-01 17:50:27 +0000 dev-python/cryptography: 2.2.2-r1 for CVE-2018-10903 with cleanup Fast stable as well Bug: https://bugs.gentoo.org/662564 Package-Manager: Portage-2.3.43, Repoman-2.3.10 .../cryptography-vectors-1.7.1.ebuild | 25 ------- .../cryptography-vectors-2.0.2.ebuild | 25 ------- .../cryptography-vectors-2.1.4.ebuild | 25 ------- .../cryptography-vectors-2.2.2.ebuild | 2 +- .../cryptography-vectors-2.3.ebuild | 2 +- dev-python/cryptography/Manifest | 3 - .../cryptography/cryptography-1.7.1-r1.ebuild | 52 --------------- dev-python/cryptography/cryptography-1.7.1.ebuild | 50 -------------- .../cryptography/cryptography-2.0.2-r1.ebuild | 51 --------------- .../cryptography/cryptography-2.1.4-r1.ebuild | 68 ------------------- dev-python/cryptography/cryptography-2.1.4.ebuild | 63 ------------------ ....1.4-r2.ebuild => cryptography-2.2.2-r1.ebuild} | 3 +- dev-python/cryptography/cryptography-2.2.2.ebuild | 68 ------------------- dev-python/cryptography/files/CVE-2018-10903.patch | 76 ++++++++++++++++++++++ 14 files changed, 80 insertions(+), 433 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f9ba7fc9d66809b602189bbd2650eac8d86d91a commit 3f9ba7fc9d66809b602189bbd2650eac8d86d91a Author: Oz Tiram <oz.tiram@gmail.com> AuthorDate: 2018-08-01 08:51:05 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2018-08-01 17:35:17 +0000 dev-python/cryptography: bump version to 2.3 libressl is now supported upstream, removing patches Bug: https://bugs.gentoo.org/662564 Package-Manager: Portage-2.3.40, Repoman-2.3.9 Signed-off-by: Matthew Thode <prometheanfire@gentoo.org> dev-python/cryptography-vectors/Manifest | 1 + .../cryptography-vectors-2.3.ebuild | 25 ++++++++ dev-python/cryptography/Manifest | 1 + dev-python/cryptography/cryptography-2.3.ebuild | 67 ++++++++++++++++++++++ 4 files changed, 94 insertions(+) cleaned up *** Bug 662886 has been marked as a duplicate of this bug. *** |