CVE-2020-36242

Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. Resolves: rhbz#1926227
2021-02-08 15:30:51 +01:00 · 2021-02-08 15:30:51 +01:00 · b0108c0719
commit b0108c0719
parent 0839b656a6
2 changed files with 27 additions and 1 deletions
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -20,7 +20,7 @@

 Name:           python-%{srcname}
 Version:        3.2.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        PyCA's cryptography library

 License:        ASL 2.0 or BSD
@ -33,6 +33,8 @@ Source1:        %{pypi_source}.asc
 # gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
 Source2:        gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg

+Patch0001:      CVE-2020-36242.patch
+
 BuildRequires:  openssl-devel
 BuildRequires:  gcc
 BuildRequires:  gnupg2
@ -170,6 +172,12 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_


 %changelog
+* Mon Feb 08 2021 Christian Heimes <cheimes@redhat.com> - 3.2.1-2
+- CVE-2020-36242: Fixed a bug where certain sequences of update() calls
+  when symmetrically encrypting very large payloads (>2GB) could result
+  in an integer overflow, leading to buffer overflows.
+- Resolves: rhbz#1926227
+
 * Wed Oct 28 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-1
 - Update to 3.2.1 (#1892153)