FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-cryptography -- vulnerable HKDF key generation

Affected packages
py27-cryptography < 1.5.3
py33-cryptography < 1.5.3
py34-cryptography < 1.5.3
py35-cryptography < 1.5.3

Details

VuXML ID e5dcb942-ba6f-11e6-b1cf-14dae9d210b8
Discovery 2016-11-05
Entry 2016-12-04
Modified 2016-12-06

Alex Gaynor reports:

Fixed a bug where ``HKDF`` would return an empty byte-string if used with a ``length`` less than ``algorithm.digest_size``.
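A regression check for the symptom reported above, as an added example that is not part of this advisory or of the cryptography project's code: it compares an HKDF implementation with a standard-library RFC 5869 reference at lengths below, at and above the digest size. The names `hkdf_reference`, `check_hkdf` and `empty_below_digest_size` are hypothetical, and the input values are the ones from RFC 5869 test case 1.

```python
import hashlib
import hmac
import math


def hkdf_reference(ikm, length, salt=b"", info=b"", hash_name="sha256"):
    """RFC 5869 HKDF (extract-then-expand) built only on the standard library."""
    digest_size = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * digest_size:
        raise ValueError("length must be in 1..255*digest_size")
    # Extract: PRK = HMAC(salt, IKM); an empty salt means digest_size zero bytes.
    prk = hmac.new(salt or b"\x00" * digest_size, ikm, hash_name).digest()
    # Expand: ceil(length / digest_size) blocks, so a short length still
    # produces one full block, which is then truncated.
    okm, block = b"", b""
    for counter in range(1, math.ceil(length / digest_size) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
    return okm[:length]


def check_hkdf(derive, hash_name="sha256"):
    """Return the lengths for which derive(ikm, length, salt, info) is wrong.

    `derive` is any callable wrapping the HKDF under test (hypothetical adapter).
    """
    ikm, salt, info = b"\x0b" * 22, bytes(range(13)), bytes(range(0xF0, 0xFA))
    digest_size = hashlib.new(hash_name).digest_size
    failures = []
    for length in (1, 16, digest_size - 1, digest_size, digest_size + 1, 42):
        expected = hkdf_reference(ikm, length, salt, info, hash_name)
        if derive(ikm, length, salt, info) != expected:
            failures.append(length)
    return failures


def empty_below_digest_size(ikm, length, salt, info):
    """Constructed stand-in that reproduces the reported symptom, for the demo only."""
    return b"" if length < 32 else hkdf_reference(ikm, length, salt, info)


if __name__ == "__main__":
    print("reference failures:", check_hkdf(hkdf_reference))
    print("symptom failures:  ", check_hkdf(empty_below_digest_size))
```

To test an installed py-cryptography, pass `check_hkdf` a callable that builds the library's `HKDF` object with the given length, salt and info and returns `derive(ikm)`; a fixed version yields an empty failure list.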

References

CVE Name CVE-2016-9243
FreeBSD PR ports/214915
URL https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d