FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-cryptography -- vulnerable HKDF key generation

Affected packages
		py27-cryptography	<	1.5.3
		py33-cryptography	<	1.5.3
		py34-cryptography	<	1.5.3
		py35-cryptography	<	1.5.3

Details

VuXML ID	e5dcb942-ba6f-11e6-b1cf-14dae9d210b8
Discovery	2016-11-05
Entry	2016-12-04
Modified	2016-12-06

Alex Gaynor reports:

Fixed a bug where ``HKDF`` would return an empty byte-string if used with a ``length`` less than ``algorithm.digest_size``.

[source]

References

CVE Name	CVE-2016-9243
FreeBSD PR	ports/214915
URL	https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.