diff options
author | Narpat Mali <narpat.mali@windriver.com> | 2023-05-05 16:53:53 +0000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-05-10 04:19:56 -1000 |
commit | 1367249c996394668eaf97404874d7d13225a53d (patch) | |
tree | 4bf457fa9a3d84438877cac462a44bef4bfc9986 /scripts | |
parent | 5ffa1afb932bc924acecc19bbad00d8a3d8e6be3 (diff) | |
download | poky-1367249c996394668eaf97404874d7d13225a53d.tar.gz |
python3-cryptography: fix for CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. In affected versions `Cipher.update_into`
would accept Python objects which implement the buffer protocol, but
provide only immutable buffers. This would allow immutable objects
(such as `bytes`) to be mutated, thus violating fundamental rules of
Python and resulting in corrupted output. This now correctly raises
an exception. This issue has been present since `update_into` was
originally introduced in cryptography 1.8.
(From OE-Core rev: 368e450c2d800790a05924519f34c579e28e9cbb)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions