diff --git a/python-rsa.changes b/python-rsa.changes index 34a2ed1..10f6e96 100644 --- a/python-rsa.changes +++ b/python-rsa.changes @@ -31,23 +31,23 @@ Sat Jun 25 20:49:54 UTC 2022 - Dirk Müller ------------------------------------------------------------------- Mon Aug 23 14:46:41 UTC 2021 - Stefan Schubert -- Use libalternatives instead of update-alternatives. +- Use libalternatives instead of update-alternatives. ------------------------------------------------------------------- Tue Mar 2 00:30:30 UTC 2021 - Dirk Müller - update to 4.7.2: * Fix picking/unpickling issue introduced in 4.7 - * Fix threading issue introduced in 4.7 + * Fix threading issue introduced in 4.7 ------------------------------------------------------------------- Thu Jan 28 23:02:47 UTC 2021 - Dirk Müller -- update to 4.7: +- update to 4.7 (CVE-2020-25658 bsc#1178676): * CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code * Add padding length check as described by PKCS#1 v1.5 * Reuse of blinding factors to speed up blinding operations. - * Declare & test support for Python 3.9 + * Declare & test support for Python 3.9 ------------------------------------------------------------------- Wed Dec 9 10:45:29 UTC 2020 - Benjamin Greiner @@ -67,7 +67,7 @@ Sun Aug 16 21:04:02 UTC 2020 - John Vandenberg ------------------------------------------------------------------- Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller -- update to v 4.6.0 (bsc#1172389) +- update to 4.6.0 (CVE-2020-13757 bsc#1172389): * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. * Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out. * Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148