There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2020-13757:
(needs triaging)
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
- CVE-2020-25658:
(needs triaging)
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
You can find information about how to handle these issues in the security team's documentation.