Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 925120 (CVE-2024-26130) - <dev-python/cryptography-42.0.4: null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle
Summary: <dev-python/cryptography-42.0.4: null-pointer-dereference and segfault that c...
Status: RESOLVED FIXED
Alias: CVE-2024-26130
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 925119 925173 932697
Blocks:
  Show dependency tree
 
Reported: 2024-02-21 04:26 UTC by Michał Górny
Modified: 2024-07-01 06:12 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-02-21 04:26:10 UTC 
+* Fixed a null-pointer-dereference and segfault that could occur when creating
+  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
+  issue. **CVE-2024-26130**
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-21 04:31:26 UTC 
Thanks!
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-05-25 19:58:46 UTC 
cleanup done.
Comment 3 Larry the Git Cow gentoo-dev 2024-07-01 06:10:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c64e048a91b0aa0d481f453db2b0de77a5123fc4

commit c64e048a91b0aa0d481f453db2b0de77a5123fc4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-01 05:59:02 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-07-01 06:09:25 +0000

    [ GLSA 202407-06 ] cryptography: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/769419
    Bug: https://bugs.gentoo.org/864049
    Bug: https://bugs.gentoo.org/893576
    Bug: https://bugs.gentoo.org/918685
    Bug: https://bugs.gentoo.org/925120
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202407-06.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)