package/python-m2crypto: fix CVE-2020-25657 (a86d44a3) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit a86d44a3 authored Feb 26, 2023 by Fabrice Fontaine Committed by Peter Korsgaard Feb 27, 2023

package/python-m2crypto: fix CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are
vulnerable to Bleichenbacher timing attacks in the RSA decryption API
via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest
threat from this vulnerability is to confidentiality.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 7abc9a05

Hide whitespace changes

Inline Side-by-side

Please register or to comment