Safety CI > vertexproject/vtx-base-image

pyup-update-urllib3-2.1.0-to-2.2.0

2 years ago

Update urllib3 from 2.1.0 to 2.2.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-cryptography-41.0.7-to-42.0.2

2 years ago

ac028d66

Update cryptography from 41.0.7 to 42.0.2

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-aiohttp-3.9.1-to-3.9.3

2 years ago

a9dbb88f

Update aiohttp from 3.9.1 to 3.9.3

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-pytz-2023.3.post1-to-2023.4

2 years ago

54796549

Update pytz from 2023.3.post1 to 2023.4

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-aiohttp-3.9.1-to-3.9.2

2 years ago

e8bd37db

Update aiohttp from 3.9.1 to 3.9.2

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-pytest-7.4.3-to-8.0.0

2 years ago

150f1167

Update pytest from 7.4.3 to 8.0.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-coverage-7.4.0-to-7.4.1

2 years ago

b1b0d374

Update coverage from 7.4.0 to 7.4.1

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-vcrpy-5.1.0-to-6.0.1

2 years, 1 month ago

94c16bd5

Update vcrpy from 5.1.0 to 6.0.1

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-cryptography-41.0.7-to-42.0.1

2 years, 1 month ago

8837c134

Update cryptography from 41.0.7 to 42.0.1

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-pluggy-1.3.0-to-1.4.0

2 years, 1 month ago

3232fa33

Update pluggy from 1.3.0 to 1.4.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-vcrpy-5.1.0-to-6.0.0

2 years, 1 month ago

b4a711c9

Update vcrpy from 5.1.0 to 6.0.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-cryptography-41.0.7-to-42.0.0

2 years, 1 month ago

90b60c75

Update cryptography from 41.0.7 to 42.0.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-pyopenssl-23.2.0-to-24.0.0

2 years, 1 month ago

f8923daf

Update pyopenssl from 23.2.0 to 24.0.0

cbor2 5.5.1 and pycryptodome 3.19.1 have known security vulnerabilities.

Package	Installed	Affected	Info
cbor2	5.5.1	>=3.0.0,<5.8.0	show Affected versions of the cbor2 package are vulnerable to Information Disclosure due to the CBORDecoder state being reused without clearing shareable values between decode operations. In cbor2, CBORDecoder.decode_from_bytes() and the CBORDecoder.fp setter (including the C extension _CBORDecoder_set_fp and the pure-Python cbor2/_decoder.py implementation) do not reset the internal shareables list that stores tag 28 (shareable) values for later retrieval via tag 29 (sharedref), allowing those references to persist across separate messages.
cbor2	5.5.1	<5.6.0	show Cbor2 5.6.0 fixes issue that was causing a MemoryError when decoding large definite strings. It was due to the library attempting to allocate more memory than available, leading to a failure in memory allocation. The fix involves altering how the library manages memory allocation for large strings, thus preventing the MemoryError from being thrown and allowing the library to handle large strings correctly. https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
cbor2	5.5.1	>=5.5.1,<5.6.2	show Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-jsonschema-4.17.3-to-4.21.1

2 years, 1 month ago

429a0d0b

Update jsonschema from 4.17.3 to 4.21.1

pycryptodome 3.19.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

Package

Installed

Affected

Info

pycryptodome

3.19.1

<3.20.0

show

Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption.
https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

pyup-update-cbor2-5.5.1-to-5.6.0

2 years, 1 month ago

afa405b1

Update cbor2 from 5.5.1 to 5.6.0

pycryptodome 3.19.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pycryptodome	3.19.1	<3.20.0	show Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption. https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd

Package

Installed

Affected

Info

pycryptodome

3.19.1

<3.20.0

show

Pycryptodome 3.20.0 addresses a vulnerability in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. The resolution of this issue enhances the security of the library, especially in its handling of OAEP decryption.
https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd