There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
- CVE-2020-25659 (needs triaging):
  python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
- CVE-2020-36242 (needs triaging):
  In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
You can find information about how to handle these issues in the security team's documentation.