CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. Upstream issue at $URL. Issue was closed by a patch, but it seems there's some uncertainty about whether the patch adequately addresses the security issue.
4.7 is now out with a proper fix, it seems
I'm going to push it shortly, just want to test all revdeps.
Unable to check for sanity: > no match for package: dev-python/rsa-4.7
All sanity-check issues have been resolved
arm64 done
arm done
amd64 ppc sparc x86 (ALLARCHES) done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a0a76ae11cccd6046a21ea096d5ead335955603 commit 4a0a76ae11cccd6046a21ea096d5ead335955603 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-01-11 22:48:09 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-01-11 22:48:12 +0000 dev-python/rsa: Remove old Bug: https://bugs.gentoo.org/760702 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/rsa/Manifest | 1 - dev-python/rsa/rsa-4.2.ebuild | 35 ----------------------------------- 2 files changed, 36 deletions(-)
Package list is empty or all packages have requested keywords.