google-auth-library-python icon indicating copy to clipboard operation
google-auth-library-python copied to clipboard

Published 20 hours ago verified publisher icon googleapis

chore(deps): update dependency cryptography to v42 [security]

Open renovate-bot opened this issue 2 years ago • 1 comments

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
cryptography (changelog) < 39.0.0 -> <42.0.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack

Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Release Notes

pyca/cryptography (cryptography)

v42.0.2

Compare Source

v42.0.1

Compare Source

v42.0.0

Compare Source

v41.0.7

Compare Source

v41.0.6

Compare Source

v41.0.5

Compare Source

v41.0.4

Compare Source

v41.0.3

Compare Source

v41.0.2

Compare Source

v41.0.1

Compare Source

v41.0.0

Compare Source

v40.0.2

Compare Source

v40.0.1

Compare Source

v40.0.0

Compare Source

v39.0.2

Compare Source

v39.0.1

Compare Source

v39.0.0

Compare Source

v38.0.4

Compare Source

v38.0.3

Compare Source

v38.0.2

Compare Source

v38.0.1

Compare Source

v38.0.0

Compare Source

v37.0.4

Compare Source

v37.0.3

Compare Source

v37.0.2

Compare Source

v37.0.1

Compare Source

v37.0.0

Compare Source

v36.0.2

Compare Source

v36.0.1

Compare Source

v36.0.0

Compare Source

v35.0.0

Compare Source

v3.4.8

Compare Source

v3.4.7

Compare Source

v3.4.6

Compare Source

v3.4.5

Compare Source

v3.4.4

Compare Source

v3.4.3

Compare Source

v3.4.2

Compare Source

v3.4.1

Compare Source

v3.4

Compare Source

v3.3.2

Compare Source

v3.3.1

Compare Source

v3.3

Compare Source

v3.2.1

Compare Source

v3.2

Compare Source

v3.1.1

Compare Source

v3.1

Compare Source

v3.0

Compare Source

v2.9.2

Compare Source

v2.9.1

Compare Source

v2.9

Compare Source

v2.8

Compare Source

v2.7

Compare Source

v2.6.1

Compare Source

v2.6

Compare Source

v2.5

Compare Source

v2.4.2

Compare Source

v2.4.1

Compare Source

v2.4

Compare Source

v2.3.1

Compare Source

v2.3

Compare Source

v2.2.2

Compare Source

v2.2.1

Compare Source

v2.2

Compare Source

v2.1.4

Compare Source

v2.1.3

Compare Source

v2.1.2

Compare Source

v2.1.1

Compare Source

v2.1

Compare Source

v2.0.3

Compare Source

v2.0.2

Compare Source

v2.0.1

Compare Source

v2.0

Compare Source

v1.9

Compare Source

v1.8.2

Compare Source

v1.8.1

Compare Source

v1.8

Compare Source

v1.7.2

Compare Source

v1.7.1

Compare Source

v1.7

Compare Source

v1.6

Compare Source

v1.5.3

Compare Source

v1.5.2

Compare Source

v1.5.1

Compare Source

v1.5

Compare Source

v1.4

Compare Source

v1.3.4

Compare Source

v1.3.3

Compare Source

v1.3.2

Compare Source

v1.3.1

Compare Source

v1.3

Compare Source

v1.2.3

Compare Source

v1.2.2

Compare Source

v1.2.1

Compare Source

v1.2

Compare Source

v1.1.2

Compare Source

v1.1.1

Compare Source

v1.1

Compare Source

v1.0.2

Compare Source

v1.0.1

Compare Source

v1.0

Compare Source

v0.9.3

Compare Source

v0.9.2

Compare Source

v0.9.1

Compare Source

v0.9

Compare Source

v0.8.2

Compare Source

v0.8.1

Compare Source

v0.8

Compare Source

v0.7.2

Compare Source

v0.7.1

Compare Source

v0.7

Compare Source

v0.6.1

Compare Source

v0.6

Compare Source

v0.5.4

Compare Source

v0.5.3

Compare Source

v0.5.2

Compare Source

v0.5.1

Compare Source

v0.5

Compare Source

v0.4

Compare Source

v0.3

Compare Source

v0.2.2

Compare Source

v0.2.1

Compare Source

v0.2

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot avatar Feb 07 '23 21:02 renovate-bot

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

forking-renovate[bot] avatar May 03 '23 19:05 forking-renovate[bot]