ASA-202102-36 log original external raw

[ASA-202102-36] python-cryptography: incorrect calculation
Arch Linux Security Advisory ASA-202102-36 ========================================== Severity: Medium Date : 2021-02-27 CVE-ID : CVE-2020-36242 Package : python-cryptography Type : incorrect calculation Remote : No Link : Summary ======= The package python-cryptography before version 3.4-1 is vulnerable to incorrect calculation. Resolution ========== Upgrade to 3.4-1. # pacman -Syu "python-cryptography>=3.4-1" The problem has been fixed upstream in version 3.4. Workaround ========== None. Description =========== In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers. Impact ====== Unintentional use of the API could lead to buffer mishandling, causing application crashes or incorrectly encrypted data. References ==========