Back to bug 1926226
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-02-08 13:21:46 UTC | Depends On | 1926227, 1926228 | |
| Guilherme de Almeida Suckevicz | 2021-02-08 13:21:47 UTC | Blocks | 1926229 | |
| Guilherme de Almeida Suckevicz | 2021-02-08 13:23:25 UTC | Summary | CVE-2020-36242 python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow leading to buffer overflows | CVE-2020-36242 python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows |
| Christian Heimes | 2021-02-08 14:58:50 UTC | Status | NEW | MODIFIED |
| | | Fixed In Version | python-cryptography-3.2.1-2.fc33 | |
| Todd Cullum | 2021-02-09 00:50:35 UTC | Depends On | 1926528, 1926531, 1926530, 1926529 | |
| Todd Cullum | 2021-02-09 00:56:14 UTC | Depends On | 1926532 | |
| Summer Long | 2021-02-09 05:25:37 UTC | Depends On | 1926571 | |
| Yadnyawalk Tale | 2021-02-09 12:31:41 UTC | Depends On | 1926767 | |
| Todd Cullum | 2021-02-09 17:35:46 UTC | Fixed In Version | python-cryptography-3.2.1-2.fc33 | python-cryptography 3.3.2 |
| Stoyan Nikolov | 2021-02-16 09:22:59 UTC | Depends On | 1929129 | |
| Stoyan Nikolov | 2021-02-16 09:24:56 UTC | Depends On | 1929129 | |
| Stoyan Nikolov | 2021-02-16 09:26:28 UTC | Depends On | 1929131 | |
| Libor Miksik | 2021-02-25 15:52:43 UTC | Depends On | 1933071 | |
| Borja Tarraso | 2021-03-03 08:33:01 UTC | CC | bcoca, jcammara, jobarker, relrod, sdoran, tkuratom | |
| Borja Tarraso | 2021-03-05 08:24:10 UTC | Depends On | 1935581 | |
| Summer Long | 2021-03-17 00:38:10 UTC | Doc Text | A buffer-overflow flaw was found in the python-cryptography package. In certain sequences of ``update()`` calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. Note: This fix is a workaround for the OpenSSL CVE-2021-23840 flaw. Source: pyca/cryptography project | |
| Red Hat Bugzilla | 2021-03-22 12:50:15 UTC | CC | yturgema | |
| Red Hat Bugzilla | 2021-03-23 23:37:52 UTC | CC | dblechte | |
| Red Hat Bugzilla | 2021-04-04 12:47:07 UTC | CC | obarenbo | |
| Red Hat Bugzilla | 2021-04-20 07:45:08 UTC | CC | rpetrell | |
| Product Security DevOps Team | 2021-05-18 20:38:20 UTC | Status | MODIFIED | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2021-05-18 20:38:20 UTC | |
| Charalampos Stratakis | 2021-06-16 21:26:43 UTC | Depends On | 1969514 | |
| Charalampos Stratakis | 2021-07-01 13:14:26 UTC | CC | cstratak, tcullum | |
| | | Flags | needinfo?(tcullum) | |
| Todd Cullum | 2021-07-02 21:24:34 UTC | Flags | needinfo?(tcullum) | |
| Tomas Hoger | 2021-08-20 14:56:33 UTC | Summary | CVE-2020-36242 python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows | CVE-2020-36242 python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow |
| errata-xmlrpc | 2021-08-24 08:09:07 UTC | Link ID | Red Hat Product Errata RHSA-2021:3254 | |