Source: python-rsa
Version: 4.0-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/sybrenstuvel/python-rsa/issues/146
Control: found -1 4.0-2

Hi,

The following vulnerability was published for python-rsa.

CVE-2020-13757[0]:
| Python-RSA 4.0 ignores leading '\0' bytes during decryption of
| ciphertext. This could conceivably have a security-relevant impact,
| e.g., by helping an attacker to infer that an application uses Python-
| RSA, or if the length of accepted ciphertext affects application
| behavior (such as by causing excessive memory allocation).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13757
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13757
[1] https://github.com/sybrenstuvel/python-rsa/issues/146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore