Explore top 10 tips to secure your open-source projects now. Read More
×
Cipher.update_into would accept Python objects which implement the buffer
protocol, but provide only immutable buffers. This would allow immutable
objects (such as 'bytes') to be mutated, thus violating fundamental rules
of Python and resulting in corrupted output. This now correctly raises an
exception. (CVE-2023-23931)
- https://bugs.mageia.org/show_bug.cgi?id=31584
- https://lists.debian.org/debian-lts-announce/2023/02/msg00027.html
- https://www.cve.org/CVERecord?id=CVE-2023-23931
- 8/core/python-cryptography-3.3.1-1.2.mga8
Get the latest Linux and open source security news straight to your inbox.