[3.5] py-cryptography: HKDF might return an empty byte-string (CVE-2016-9243)
Fixed a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digest_size.
Fixed In Version:
py-cryptography 1.5.3
Reference:
http://www.openwall.com/lists/oss-security/2016/11/08/6
Patch:
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
(from redmine: issue id 6514, created on 2016-11-30, closed on 2016-12-15)
- Changesets:
- Revision db6fc9ad by Sergei Lukin on 2016-12-01T10:59:52Z:
main/py-cryptography: security upgrade to 1.5.3
fixes #6514
CVE-2016-9243
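
The failure described in this issue, checked from the caller's side, as an added example that is not code from py-cryptography or from the Alpine package: a standard-library HKDF following RFC 5869 (HMAC-SHA256 by default) plus a guard that rejects any derived key whose length differs from the requested one. The names `hkdf`, `checked_derive`, `short_length_report` and `symptomatic_kdf` are assumptions of this example; `symptomatic_kdf` is a constructed stand-in that only reproduces the empty-output symptom.

```python
import hashlib
import hmac
import math


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int,
         hash_name: str = "sha256") -> bytes:
    """HKDF (RFC 5869) extract-then-expand using only the standard library."""
    digest_size = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * digest_size:
        raise ValueError("length must be between 1 and 255 * digest_size")
    # Extract: PRK = HMAC(salt, IKM); an absent salt means digest_size zero bytes.
    prk = hmac.new(salt or b"\x00" * digest_size, ikm, hash_name).digest()
    # Expand: ceil(length / digest_size) blocks, so a length shorter than one
    # digest still produces one block before truncation.
    okm, block = b"", b""
    for counter in range(1, math.ceil(length / digest_size) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
    return okm[:length]


def checked_derive(kdf, length: int) -> bytes:
    """Call kdf(length) and refuse a key that is not exactly `length` bytes."""
    key = kdf(length)
    if len(key) != length:
        raise RuntimeError(f"KDF returned {len(key)} bytes, expected {length}")
    return key


def short_length_report(kdf, digest_size: int) -> dict:
    """Map each length 1..digest_size to whether kdf returned that many bytes."""
    return {n: len(kdf(n)) == n for n in range(1, digest_size + 1)}


def symptomatic_kdf(length: int) -> bytes:
    """Constructed stand-in (not the library's code): empty output below 32 bytes."""
    return b"" if length < 32 else bytes(length)


if __name__ == "__main__":
    # Constructed sample inputs; any KDF taking a length can be wrapped the same way.
    good = lambda n: hkdf(b"input key material", b"salt", b"context", n)
    print("reference HKDF ok:", all(short_length_report(good, 32).values()))
    print("stand-in failures:",
          [n for n, ok in short_length_report(symptomatic_kdf, 32).items() if not ok])
```

Passing the installed library's HKDF call as `kdf` turns `short_length_report` into a regression check for the package upgrade.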