Summary: | <dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/sybrenstuvel/python-rsa/issues/165 | ||
Whiteboard: | B4 [glsa?] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-12-19 08:12:33 UTC
4.7 is now out with a proper fix, it seems I'm going to push it shortly, just want to test all revdeps. Unable to check for sanity:
> no match for package: dev-python/rsa-4.7
All sanity-check issues have been resolved arm64 done arm done amd64 ppc sparc x86 (ALLARCHES) done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a0a76ae11cccd6046a21ea096d5ead335955603 commit 4a0a76ae11cccd6046a21ea096d5ead335955603 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-01-11 22:48:09 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-01-11 22:48:12 +0000 dev-python/rsa: Remove old Bug: https://bugs.gentoo.org/760702 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/rsa/Manifest | 1 - dev-python/rsa/rsa-4.2.ebuild | 35 ----------------------------------- 2 files changed, 36 deletions(-) Unable to check for sanity:
> no match for package: dev-python/rsa-4.7
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. |