It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Upstream issue at $URL. Issue was closed by a patch, but it seems there's some uncertainty about whether the patch adequately addresses the security issue.
4.7 is now out with a proper fix, it seems.
I'm going to push it shortly, just want to test all revdeps.
Unable to check for sanity:
> no match for package: dev-python/rsa-4.7
All sanity-check issues have been resolved
amd64 ppc sparc x86 (ALLARCHES) done
all arches done
Please clean up, thanks!
The bug has been referenced in the following commit(s):
Author: Michał Górny <firstname.lastname@example.org>
AuthorDate: 2021-01-11 22:48:09 +0000
Commit: Michał Górny <email@example.com>
CommitDate: 2021-01-11 22:48:12 +0000
dev-python/rsa: Remove old
Signed-off-by: Michał Górny <firstname.lastname@example.org>
dev-python/rsa/Manifest | 1 -
dev-python/rsa/rsa-4.2.ebuild | 35 -----------------------------------
2 files changed, 36 deletions(-)