Re: Accepted python-cryptography 2.6.1-3+deb10u4 (source amd64 all) into oldstable
On Mon, Feb 27, 2023 at 07:43:42AM +0000, Chris Lamb wrote:
> Hi Salvatore,
>
> >> python-cryptography (2.6.1-3+deb10u4) buster-security; urgency=high
> >> .
> >> * Adjust which call to CFFI's from_buffer is marked require_writable=True
> >> to address an issue in 2.6.1-3+deb10u4's attempt to fix CVE-2023-23931.
> >
> > Does this still needs a follow-up DLA to DLA 3331-1?
>
> Yes, indeed. This has been announced as DLA 3331-2.
Thank you, Chris!
Regards,
Salvatore
Reply to: