pyrox.dev
lol
python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242)
SECURITY ISSUE: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result in
an integer overflow, leading to buffer overflows. CVE-2020-36242
Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops)
because of the security issue.
+2
-2
pkgs/development/python-modules/cryptography/3.3.nix
+2
-2
pkgs/development/python-modules/cryptography/3.3.nix
···
22
22
23
23
buildPythonPackage rec {
24
24
pname = "cryptography";
25
-
version = "3.3.1"; # Also update the hash in vectors-3.3.nix
25
+
version = "3.3.2"; # Also update the hash in vectors-3.3.nix
26
26
27
27
src = fetchPypi {
28
28
inherit pname version;
29
-
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
29
+
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
30
30
};
31
31
32
32
patches = [ ./cryptography-py27-warning.patch ];
+2
-2
pkgs/development/python-modules/cryptography/default.nix
+2
-2
pkgs/development/python-modules/cryptography/default.nix
···
22
22
23
23
buildPythonPackage rec {
24
24
pname = "cryptography";
25
-
version = "3.3.1"; # Also update the hash in vectors.nix
25
+
version = "3.3.2"; # Also update the hash in vectors.nix
26
26
27
27
src = fetchPypi {
28
28
inherit pname version;
29
-
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
29
+
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
30
30
};
31
31
32
32
outputs = [ "out" "dev" ];
+1
-1
pkgs/development/python-modules/cryptography/vectors-3.3.nix
+1
-1
pkgs/development/python-modules/cryptography/vectors-3.3.nix
+1
-1
pkgs/development/python-modules/cryptography/vectors.nix
+1
-1
pkgs/development/python-modules/cryptography/vectors.nix