[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted python-cryptography 2.6.1-3+deb10u4 (source amd64 all) into oldstable

Hi Chris,

On Wed, Feb 22, 2023 at 05:30:23PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Format: 1.8
> Date: Wed, 22 Feb 2023 09:17:00 -0800
> Source: python-cryptography
> Binary: python-cryptography python-cryptography-dbgsym python-cryptography-doc python3-cryptography python3-cryptography-dbgsym
> Built-For-Profiles: nocheck
> Architecture: source amd64 all
> Version: 2.6.1-3+deb10u4
> Distribution: buster-security
> Urgency: high
> Maintainer: Tristan Seligmann <mithrandi@debian.org>
> Changed-By: Chris Lamb <lamby@debian.org>
> Description:
>  python-cryptography - Python library exposing cryptographic recipes and primitives (Pyt
>  python-cryptography-doc - Python library exposing cryptographic recipes and primitives (doc
>  python3-cryptography - Python library exposing cryptographic recipes and primitives (Pyt
> Changes:
>  python-cryptography (2.6.1-3+deb10u4) buster-security; urgency=high
>  .
>    * Adjust which call to CFFI's from_buffer is marked require_writable=True
>      to address an issue in 2.6.1-3+deb10u4's attempt to fix CVE-2023-23931.

Does this still needs a follow-up DLA to DLA 3331-1?

Regards,
Salvatore
Reply to: