[SECURITY] [DLA 3922-1] python-cryptography security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3922-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
October 17, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : python-cryptography
Version : 3.3.2-1+deb11u1
CVE ID : CVE-2023-23931 CVE-2023-49083
Debian Bug : 1031049 1057108
Two vulnerabilities have been fixed in python-cryptography,
a cryptography library for the Python interpreter.
CVE-2023-23931
Memory corruption with immutable objects
CVE-2023-49083
NULL dereference when loading PKCS7 certificates
For Debian 11 bullseye, these problems have been fixed in version
3.3.2-1+deb11u1.
We recommend that you upgrade your python-cryptography packages.
For the detailed security status of python-cryptography please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-cryptography
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmcQStsACgkQiNJCh6LY
mLFHXA//U9rUeyM3ezY2+FYT/OUQvHzgrnYQ7h/xH4S79VTbC/3NSnEUezwK+8C+
6A1cjSjsZEdYddanZj3WSzrKFq7luNMkqNbZ0HwU/vBG12KXAw+bvdKZ0SY/XuYu
rwc0M9UFlnJJR1Se+tOryh9jVQJLEx8b2L2si32zMpAwM9mRxBmaU2BxPWNzyP7O
+3St5a8U+bUJgX+NHPS2c6qa1xw2Y6EJc5WXfTPd09AkFZ29o264WpTmnMQ8xwXW
eQm8t/x0kS3OZz2BvNk4t0ycs9OIfFSYe28TRpJKyF6eI0n+fgrC7IZvvhRhLrFD
QV8ZEx+NFJ/zrtPHPPgDVduRRfUBjYtHqHfIoSt0k/I8R/CYV5kteyiCj/iXTRco
JpXd7zX//Jt2SRx6VObi3v+5ujvcmQhHYqn2MLR7u952qny+1mnkCGAgIhzmuG2g
vlmCgugfBoiqcf6jJGQX+cc0526yR0wRnPqrfzQKgek0UX8ZbQ9lHZeKooAZbJxU
/TIyDizhA8NqTadvFsaTtu/PA0QDZ2LUFuZzLLD+NGam0b1+y2wyeuNrkASjK9KQ
SLuswfTrcPXezDX41JdNn5t3onPYd+S6Ae3bI8g1Uxo4Wkwjh42bo52+4NvKCkxT
N+8dO6OsitAdIGTIXEXMM2PkhEDoCpcRebEwkhICAgW9nkXLvU4=
=xluL
-----END PGP SIGNATURE-----
Reply to: