Closed renovate[bot] closed 5 months ago
This PR contains the following updates:
==42.0.3
==42.0.4
If pkcs12.serialize_key_and_certificates is called with both:
pkcs12.serialize_key_and_certificates
encryption_algorithm
hmac_hash
PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a ValueError is properly raised.
ValueError
Patched in https://github.com/pyca/cryptography/pull/10423
π Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
Supersedes and closes #922
This PR contains the following updates:
==42.0.3
->==42.0.4
GitHub Vulnerability Alerts
CVE-2024-26130
If
pkcs12.serialize_key_and_certificates
is called with both:encryption_algorithm
withhmac_hash
set (viaPrivateFormat.PKCS12.encryption_builder().hmac_hash(...)
Then a NULL pointer dereference would occur, crashing the Python process.
This has been resolved, and now a
ValueError
is properly raised.Patched in https://github.com/pyca/cryptography/pull/10423
Release Notes
pyca/cryptography (cryptography)
### [`v42.0.4`](https://togithub.com/pyca/cryptography/compare/42.0.3...42.0.4) [Compare Source](https://togithub.com/pyca/cryptography/compare/42.0.3...42.0.4)Configuration
π Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.