cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into
would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes
) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into
was originally introduced in cryptography 1.8.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "python-cryptography": "2.8-3ubuntu0.2", "python-cryptography-dbgsym": "2.8-3ubuntu0.2", "python-cryptography-doc": "2.8-3ubuntu0.2", "python3-cryptography": "2.8-3ubuntu0.2", "python3-cryptography-dbgsym": "2.8-3ubuntu0.2" } ] }