[Python-modules-team] Bug#974685: python-rsa: CVE-2020-25658
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 13 18:45:59 GMT 2020
Source: python-rsa
Version: 4.0-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/sybrenstuvel/python-rsa/issues/165
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 4.0-2
Hi,
The following vulnerability was published for python-rsa.
CVE-2020-25658[0]:
| It was found that python-rsa is vulnerable to Bleichenbacher timing
| attacks. An attacker can use this flaw via the RSA decryption API to
| decrypt parts of the cipher text encrypted with RSA.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-25658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658
[1] https://github.com/sybrenstuvel/python-rsa/issues/165
Regards,
Salvatore
More information about the Python-modules-team
mailing list