Closed Bug 1484268 Opened 4 years ago Closed 4 years ago
Update python module for mitmproxy due to security vulnerability
From `mach python-safety`:

/Users/sfraser/hg.m.o/mozilla-unified/testing/talos/talos/mitmproxy/mitmproxy_requirements.txt
FAIL cryptography - cryptography installed:1.8.2 affected:<=2.2.2 description:python-cryptography versions >=1.9.0 and <2.3 did not enforce a minimum tag length for finalize_with_tag API. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
FAIL /Users/sfraser/hg.m.o/mozilla-unified/testing/talos/talos/mitmproxy/mitmproxy_requirements.txt - cryptography
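The minimum-tag-length check that the advisory text above says was missing, as an added example (not code from this bug, from mitmproxy or from python-cryptography). HMAC-SHA256 truncated to 16 bytes stands in for the GCM tag so the block runs on the standard library alone; the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

FULL_TAG_LEN = 16  # size of a full GCM tag in bytes; the minimum enforced below

# Constructed sample values, not taken from the bug.
KEY = b"constructed-demo-key-0123456789ab"
MESSAGE = b"constructed sample ciphertext"


def compute_tag(key: bytes, message: bytes) -> bytes:
    """Stand-in for the GCM tag: HMAC-SHA256 truncated to 16 bytes."""
    return hmac.new(key, message, hashlib.sha256).digest()[:FULL_TAG_LEN]


def verify_lenient(key: bytes, message: bytes, tag: bytes) -> bool:
    """Flawed pattern: compares only as many bytes as the caller supplied."""
    expected = compute_tag(key, message)
    return len(tag) > 0 and hmac.compare_digest(expected[:len(tag)], tag)


def verify_strict(key: bytes, message: bytes, tag: bytes,
                  min_tag_len: int = FULL_TAG_LEN) -> bool:
    """Hardened pattern: reject tags of the wrong length before comparing."""
    if len(tag) < min_tag_len or len(tag) > FULL_TAG_LEN:
        return False
    return hmac.compare_digest(compute_tag(key, message)[:len(tag)], tag)


def accepted_one_byte_tags(verify, key: bytes, message: bytes) -> int:
    """Regression check: how many of the 256 possible 1-byte tags pass?"""
    return sum(verify(key, message, bytes([b])) for b in range(256))


if __name__ == "__main__":
    print("lenient accepts:", accepted_one_byte_tags(verify_lenient, KEY, MESSAGE))
    print("strict accepts: ", accepted_one_byte_tags(verify_strict, KEY, MESSAGE))
```
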
Comment on attachment 9002004
Bug 1484268 Update cryptography for mitmproxy r=rwood

Robert Wood [:rwood] has approved the revision.
Attachment #9002004 - Flags: review+
https://treeherder.mozilla.org/#/jobs?repo=try&revision=4f52900085474a630944974a72be4b535234d081 is looking good. Will land it now
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/2c6eaa99679f Update cryptography for mitmproxy r=rwood