Bug 1484268: Update python module for mitmproxy due to security vulnerability
Status: RESOLVED FIXED (Closed)
Opened 6 years ago
Closed 6 years ago
Categories: Testing :: Talos, enhancement
Tracking: firefox63 fixed
Target Milestone: mozilla63
People: Reporter: sfraser, Assigned: sfraser
Attachments: 1 file
from `mach python-safety`:

/Users/sfraser/hg.m.o/mozilla-unified/testing/talos/talos/mitmproxy/mitmproxy_requirements.txt FAIL
cryptography - cryptography installed:1.8.2 affected:<=2.2.2 description:python-cryptography versions >=1.9.0 and <2.3 did not enforce a minimum tag length for finalize_with_tag API. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
FAIL /Users/sfraser/hg.m.o/mozilla-unified/testing/talos/talos/mitmproxy/mitmproxy_requirements.txt - cryptography
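
The caller-side check that the advisory text above says was missing, as an added example (not code from this bug, Talos or mitmproxy): the tag length is validated before the tag reaches `finalize_with_tag`. The function names, the fixed 16-byte tag policy and the sample key, nonce and message are assumptions made for the illustration.

```python
import os

GCM_TAG_LEN = 16  # assumption: this application only emits full 128-bit tags


def _gcm_cipher(key, iv):
    # Imported lazily so the tag-length check below has no dependency.
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    return Cipher(algorithms.AES(key), modes.GCM(iv), backend=default_backend())


def encrypt_gcm(key, iv, plaintext, aad=b""):
    """Return (ciphertext, tag); the encryptor produces a 16-byte tag."""
    enc = _gcm_cipher(key, iv).encryptor()
    enc.authenticate_additional_data(aad)
    ciphertext = enc.update(plaintext) + enc.finalize()
    return ciphertext, enc.tag


def decrypt_gcm(key, iv, ciphertext, tag, aad=b""):
    """Decrypt AES-GCM, rejecting any tag that is not exactly GCM_TAG_LEN bytes.

    A 1-byte tag has only 256 possible values, which is the 1-in-256
    forgery chance described in the advisory text.
    """
    if not isinstance(tag, bytes) or len(tag) != GCM_TAG_LEN:
        raise ValueError("GCM tag must be exactly %d bytes" % GCM_TAG_LEN)
    dec = _gcm_cipher(key, iv).decryptor()
    dec.authenticate_additional_data(aad)
    plaintext = dec.update(ciphertext)
    # finalize_with_tag raises cryptography.exceptions.InvalidTag on mismatch;
    # the plaintext is returned only after it succeeds.
    return plaintext + dec.finalize_with_tag(tag)


if __name__ == "__main__":
    key, iv = os.urandom(32), os.urandom(12)  # constructed sample key and nonce
    ct, tag = encrypt_gcm(key, iv, b"constructed sample message", b"header")
    print(decrypt_gcm(key, iv, ct, tag, b"header"))
    try:
        decrypt_gcm(key, iv, ct, tag[:1], b"header")  # truncated tag
    except ValueError as exc:
        print("rejected:", exc)
```
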
Comment 1 • 6 years ago (Assignee)
Updated • 6 years ago (Assignee)
Assignee: nobody → sfraser
Comment 2 • 6 years ago
Comment on attachment 9002004
Bug 1484268 Update cryptography for mitmproxy r=rwood
Robert Wood [:rwood] has approved the revision.
Attachment #9002004 - Flags: review+
Comment 3 • 6 years ago (Assignee)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=4f52900085474a630944974a72be4b535234d081 is looking good. Will land it now.
Pushed by sfraser@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2c6eaa99679f
Update cryptography for mitmproxy r=rwood
Comment 5 • 6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2c6eaa99679f
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63