CVE-2023-49083 was announced on November 29: https://www.openwall.com/lists/oss-security/2023/11/29/2 Mageia 8 and 9 are also affected.
Whiteboard: (none) => MGA9TOO, MGA8TOOSource RPM: (none) => python-cryptography-41.0.4-2.mga10.src.rpm
I have noted the URL about a fix proposed but debated, ongoing, and may want a Github account to follow. Assigning to Python team, CC'ing Jani & Yves who have done recent versions.
URL: (none) => https://github.com/pyca/cryptography/pull/9926CC: (none) => jani.valimaa, yvesbrungardAssignee: bugsquad => pythonStatus comment: (none) => Patch in progress
CVE: (none) => CVE-2023-49083
Ubuntu has issued an advisory on March 5: https://ubuntu.com/security/notices/USN-6673-1
Whiteboard: MGA9TOO, MGA8TOO => MGA9TOOCVE: CVE-2023-49083 => CVE-2023-49083, CVE-2023-50782, CVE-2024-26130Summary: python-cryptography new security issue CVE-2023-49083 => python-cryptography new security issues CVE-2023-49083, CVE-2023-50782 and CVE-2024-26130Status comment: Patch in progress => Patches available from Ubuntu and upstream
Status comment: Patches available from Ubuntu and upstream => (none)Assignee: python => qa-bugs
Sorry, mismatch in report, restoring data
Assignee: qa-bugs => pythonStatus comment: (none) => Patches available from Ubuntu and upstream