Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Affected by CVE-2022-37454 #29

Closed
stefanor opened this issue Oct 29, 2022 · 1 comment
Closed

Affected by CVE-2022-37454 #29

stefanor opened this issue Oct 29, 2022 · 1 comment

Comments

@stefanor
Copy link

stefanor commented Oct 29, 2022
edited
Loading

Clearly this backport module is unmaintained these days. But there are still things using it (like https://github.com/opentimestamps/python-opentimestamps).

There was a security issue (CVE-2022-37454) found in the Keccak implementation bundled, see: python/cpython#98527
@tiran
Copy link
Owner

tiran commented Nov 1, 2022

Yes, this package is affected by the buffer overflow. However I'm retiring the project. Any project should use SHA-3 from Python's hashlib module instead.

@tiran tiran closed this as completed Nov 1, 2022
@nevivurn nevivurn mentioned this issue May 19, 2023
Merged
12 tasks
@yawhide yawhide mentioned this issue Jun 10, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefanor @tiran