py-cryptography -- allows programmers to misuse an API
Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers.
This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python.
This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.
This now correctly raises an exception.
This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright