[SECURITY] [DLA 3922-1] python-cryptography security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3922-1] python-cryptography security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 17 Oct 2024 02:23:07 +0300
Message-id: <[🔎] ZxBK28S4xODFfho+@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3922-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
October 17, 2024                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-cryptography
Version        : 3.3.2-1+deb11u1
CVE ID         : CVE-2023-23931 CVE-2023-49083
Debian Bug     : 1031049 1057108

Two vulnerabilities have been fixed in python-cryptography,
a cryptography library for the Python interpreter.

CVE-2023-23931

    Memory corruption with immutable objects

CVE-2023-49083

    NULL dereference when loading PKCS7 certificates

For Debian 11 bullseye, these problems have been fixed in version
3.3.2-1+deb11u1.

We recommend that you upgrade your python-cryptography packages.

For the detailed security status of python-cryptography please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-cryptography

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmcQStsACgkQiNJCh6LY
mLFHXA//U9rUeyM3ezY2+FYT/OUQvHzgrnYQ7h/xH4S79VTbC/3NSnEUezwK+8C+
6A1cjSjsZEdYddanZj3WSzrKFq7luNMkqNbZ0HwU/vBG12KXAw+bvdKZ0SY/XuYu
rwc0M9UFlnJJR1Se+tOryh9jVQJLEx8b2L2si32zMpAwM9mRxBmaU2BxPWNzyP7O
+3St5a8U+bUJgX+NHPS2c6qa1xw2Y6EJc5WXfTPd09AkFZ29o264WpTmnMQ8xwXW
eQm8t/x0kS3OZz2BvNk4t0ycs9OIfFSYe28TRpJKyF6eI0n+fgrC7IZvvhRhLrFD
QV8ZEx+NFJ/zrtPHPPgDVduRRfUBjYtHqHfIoSt0k/I8R/CYV5kteyiCj/iXTRco
JpXd7zX//Jt2SRx6VObi3v+5ujvcmQhHYqn2MLR7u952qny+1mnkCGAgIhzmuG2g
vlmCgugfBoiqcf6jJGQX+cc0526yR0wRnPqrfzQKgek0UX8ZbQ9lHZeKooAZbJxU
/TIyDizhA8NqTadvFsaTtu/PA0QDZ2LUFuZzLLD+NGam0b1+y2wyeuNrkASjK9KQ
SLuswfTrcPXezDX41JdNn5t3onPYd+S6Ae3bI8g1Uxo4Wkwjh42bo52+4NvKCkxT
N+8dO6OsitAdIGTIXEXMM2PkhEDoCpcRebEwkhICAgW9nkXLvU4=
=xluL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3920-1] php7.4 security update
Next by Date: [SECURITY] [DLA 3921-1] apache2 regression update
Previous by thread: [SECURITY] [DLA 3920-1] php7.4 security update
Next by thread: [SECURITY] [DLA 3921-1] apache2 regression update
Index(es):
- Date
- Thread