Latest upstream release: 3.2 Current version/release in rawhide: 3.1-1.fc34 URL: http://cryptography.io/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/5532/
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
3.2 contains a fix for CVE-2020-25659 SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
FEDORA-2020-aa2b21cb38 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.