Your message dated Sat, 09 Nov 2019 20:35:45 +0000
with message-id <[email protected]>
and subject line Bug#941413: fixed in python-cryptography 2.6.1-3+deb10u2
has caused the Debian Bug report #941413,
regarding python3-cryptography: aia encoding memory leak
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
941413: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3-cryptography
Version: 2.6.1-3
Severity: important
tags: fixed-upstream
python3-cryptography version shipped with buster suffers from a memory
leak that's already been fixed by upstream[1] on version 2.7. This
leak is triggeable with real workloads like it can been seen here[2].
TL;DR code parsing x509 certificate extensions like Authority
Information Access or Subject Alternative Name triggers the issue.
It could be great if [1] could be backported to solve the bug.
Thanks!
Valentin Gutierrez
[1] =>
https://github.com/pyca/cryptography/commit/9a22851fab924fd58482fdad3f8dd23dc3987f91
[2] => https://phabricator.wikimedia.org/T234131
--- End Message ---
--- Begin Message ---
Source: python-cryptography
Source-Version: 2.6.1-3+deb10u2
We believe that the bug you reported is fixed in the latest version of
python-cryptography, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated python-cryptography
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Oct 2019 16:08:59 +0200
Source: python-cryptography
Binary: python-cryptography python-cryptography-dbgsym python-cryptography-doc
python3-cryptography python3-cryptography-dbgsym
Architecture: source amd64 all
Version: 2.6.1-3+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Tristan Seligmann <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
python-cryptography - Python library exposing cryptographic recipes and
primitives (Pyt
python-cryptography-doc - Python library exposing cryptographic recipes and
primitives (doc
python3-cryptography - Python library exposing cryptographic recipes and
primitives (Pyt
Closes: 941413
Changes:
python-cryptography (2.6.1-3+deb10u2) buster; urgency=medium
.
* Cherrypick 92241410b5b0591d849443b3023992334a4be0a2 and
9a22851fab924fd58482fdad3f8dd23dc3987f91 from upstream which
addresses a memory leak triggerable when parsing x509
certificate extensions like AIA, thanks to Valentin
Gutierrez for the report (Closes: #941413)
Checksums-Sha1:
4d7dd8f38312df8d99098b700eb3ef2b698bacc8 3556
python-cryptography_2.6.1-3+deb10u2.dsc
672f9574a547d9c3eac6079cd86cd3e918de06b6 29712
python-cryptography_2.6.1-3+deb10u2.debian.tar.xz
83aa4bac321a27f0c69bcb09fc9ac4dd7d3b3018 542044
python-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
65d5b45e87e350148bcc6a3d2f5f280289b47677 296012
python-cryptography-doc_2.6.1-3+deb10u2_all.deb
5abacb153376ce86b20596ce20d75aa7dbeb7c0e 10926
python-cryptography_2.6.1-3+deb10u2_amd64.buildinfo
b1d167742101ed0c7701111f54d2a41851f72261 217940
python-cryptography_2.6.1-3+deb10u2_amd64.deb
62953c30e6c9c025154466c8136e011c058170a7 530020
python3-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
1dba84d47e37f302b83660317846cd425d2ba134 218536
python3-cryptography_2.6.1-3+deb10u2_amd64.deb
Checksums-Sha256:
4b0fc06e420ed2b599f9f3cdb896648b45bda1298fefebf7c90d116d288f7ac9 3556
python-cryptography_2.6.1-3+deb10u2.dsc
43dbe9f6b272340c0c6a1d2bc6a56516cd087e065b054209956ba29446827061 29712
python-cryptography_2.6.1-3+deb10u2.debian.tar.xz
6c484aa976b84c1e14a13612ccdff922ac6455c7d11b4e2aa13d3e46eaa302c4 542044
python-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
5ed6def942d019ac01511a634431531a3409b55427141a3202e3e235e5437248 296012
python-cryptography-doc_2.6.1-3+deb10u2_all.deb
1644ff6781c33607bf9962b14e62e85d064cdf144bab8e7fa059db598a2afe32 10926
python-cryptography_2.6.1-3+deb10u2_amd64.buildinfo
17dff22f7b7057744623d5fc1a30e650e0b1fdcb49bca78d63576b056d9849b6 217940
python-cryptography_2.6.1-3+deb10u2_amd64.deb
051c72daf7ead0051e82e099045e69ff3624d2aa38fcf41322aab18f7fec7364 530020
python3-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
229a079ea909217d326458bc10570105974dee8605c678109c93b493ebe70d02 218536
python3-cryptography_2.6.1-3+deb10u2_amd64.deb
Files:
5a8793325f7f4a2dba7433f58e1a93c8 3556 python optional
python-cryptography_2.6.1-3+deb10u2.dsc
928301512c0ab9a9b1c72fc816b61b30 29712 python optional
python-cryptography_2.6.1-3+deb10u2.debian.tar.xz
a7b8d3990b872ec6493556cf3d4b0dda 542044 debug optional
python-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
c8095b8ac97205ce0dac9ef892c5f6c8 296012 doc optional
python-cryptography-doc_2.6.1-3+deb10u2_all.deb
00e1406eae2468c989614c02d6576133 10926 python optional
python-cryptography_2.6.1-3+deb10u2_amd64.buildinfo
85fd0df4ea16a2433e71b4089e815889 217940 python optional
python-cryptography_2.6.1-3+deb10u2_amd64.deb
60a1b14aba6ec6631556cc63dfbb30c3 530020 debug optional
python3-cryptography-dbgsym_2.6.1-3+deb10u2_amd64.deb
ae25aa49655e0ed7d254057c11eb7a09 218536 python optional
python3-cryptography_2.6.1-3+deb10u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3F6YwACgkQEMKTtsN8
TjbvOxAAq2difMv94SFKn5plljDPiA8dWyv0fv/d7lJhncPKPy+IKTO0zYl4N8Ka
0q3HUNACQnr3DJCABzxmL9eyL1TZv0ijPlVlj4wsDWDAxNq9ZVoMq/IaQxV4KPmP
Q0aKbZSLo1KIj7zq10x1Gv6X3MQjSPNzBjL4gfLR+U3DWeDRpREPsz5h7Vv+T73S
E96gPGOiNSRS3B11XX1+waHlL/5qanFhlTWSXv9Xsmt8jZ4YopMVUrhPqkOCjmpC
TnIwHzkGzIGShDlq6tt8/GJzQDgbq8ao3X6eCqmUSAd9hQ95l7s3VdMO2NlO+gEd
rvWUtL4mRDlePrZJwo8d2suy7zbFl9Ru597Jhqa6FR3wISU+/nItIwBHOqBAmT39
IsyAHKHv0DjcPrYv6MoY8LKAh14MQWh7a1d0at0P+w47xOLUuxEYV0aEq0VDiyUG
45Xy8cqQgHHbBxQfmyqfgx2I8Hkmloyf7t8OpCo0cRuF5LudvtkUMeiN4lRs0Lfv
T2hWIJW+Yjq7V/zSx25p/Et7NXqP0Ycmtx6XaNpXUYJaMEkCPXkiyXPQcT6nblCa
zeXdTAr6LTExuWhtci6R8SUbKnVtgIeu5D3AMuNjW8mMRmcCOP01LGcVIAl9a8JP
3JU4futcx9+x/wYqrMqv+aW0ZW0VMuZe7O4WjJktPM5wk7Cn1PM=
=nrQ2
-----END PGP SIGNATURE-----
--- End Message ---
