Overview
Request 894007 accepted
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
* Using the Fernet class to symmetrically encrypt multi gigabyte values
could result in an integer overflow and buffer overflow.
- Add add_X509_up_ref.patch to provide X509_up_ref() function to help
pyOpenSSL deal with CVE-2018-1000807 (bsc#1111635) and
CVE-2018-1000808 (bsc#1111634).
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
* add disallow_implicit_tag_truncation.patch from
https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)
* add skip_openssl_memleak_test.patch
Request History
jgrassler created request
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
* Using the Fernet class to symmetrically encrypt multi gigabyte values
could result in an integer overflow and buffer overflow.
- Add add_X509_up_ref.patch to provide X509_up_ref() function to help
pyOpenSSL deal with CVE-2018-1000807 (bsc#1111635) and
CVE-2018-1000808 (bsc#1111634).
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
* add disallow_implicit_tag_truncation.patch from
https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)
* add skip_openssl_memleak_test.patch
gosipyan accepted request
Note: this request syncs the python-cryptography package in Cloud:OpenStack:Pike with the version we've got released in SUSE OpenStack Cloud 8.