| 2022-10-30 08:44:35 |
Stefano Rivera |
bug |
|
|
added bug |
| 2022-10-30 08:44:50 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu) |
|
| 2022-10-30 08:46:58 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu) |
|
| 2022-10-30 08:47:08 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu) |
|
| 2022-10-30 08:47:18 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
nominated for series |
|
Ubuntu Focal |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu Focal) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu Focal) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pysha3 (Ubuntu Focal) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu Focal) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu Focal) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu Jammy) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu Jammy) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pysha3 (Ubuntu Jammy) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu Jammy) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu Jammy) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
nominated for series |
|
Ubuntu Kinetic |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu Kinetic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu Kinetic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pysha3 (Ubuntu Kinetic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu Kinetic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu Kinetic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
nominated for series |
|
Ubuntu Bionic |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu Bionic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu Bionic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pysha3 (Ubuntu Bionic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu Bionic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu Bionic) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
nominated for series |
|
Ubuntu Lunar |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pypy3 (Ubuntu Lunar) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.6 (Ubuntu Lunar) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
pysha3 (Ubuntu Lunar) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.7 (Ubuntu Lunar) |
|
| 2022-10-30 08:48:37 |
Stefano Rivera |
bug task added |
|
python3.8 (Ubuntu Lunar) |
|
| 2022-10-30 08:50:22 |
Stefano Rivera |
python3.8 (Ubuntu Jammy): status |
New |
Invalid |
|
| 2022-10-30 08:50:45 |
Stefano Rivera |
python3.8 (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2022-10-30 08:50:50 |
Stefano Rivera |
python3.8 (Ubuntu Lunar): status |
New |
Invalid |
|
| 2022-10-30 08:51:33 |
Stefano Rivera |
python3.7 (Ubuntu Jammy): status |
New |
Invalid |
|
| 2022-10-30 08:51:37 |
Stefano Rivera |
python3.7 (Ubuntu Focal): status |
New |
Invalid |
|
| 2022-10-30 08:51:40 |
Stefano Rivera |
python3.7 (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2022-10-30 08:51:44 |
Stefano Rivera |
python3.7 (Ubuntu Lunar): status |
New |
Invalid |
|
| 2022-10-30 08:51:48 |
Stefano Rivera |
python3.6 (Ubuntu Focal): status |
New |
Invalid |
|
| 2022-10-30 08:51:53 |
Stefano Rivera |
python3.6 (Ubuntu Jammy): status |
New |
Invalid |
|
| 2022-10-30 08:51:58 |
Stefano Rivera |
python3.6 (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2022-10-30 08:52:02 |
Stefano Rivera |
python3.6 (Ubuntu Lunar): status |
New |
Invalid |
|
| 2022-10-30 08:52:55 |
Stefano Rivera |
pypy3 (Ubuntu Bionic): status |
New |
Invalid |
|
| 2022-10-30 09:49:30 |
Stefano Rivera |
description |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517 |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
|
| 2022-10-30 09:49:48 |
Stefano Rivera |
description |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
|
| 2022-10-30 09:50:14 |
Stefano Rivera |
description |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
|
| 2022-10-30 10:04:29 |
Stefano Rivera |
attachment added |
|
pypy3-focal.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627839/+files/pypy3-focal.debdiff |
|
| 2022-10-30 10:04:46 |
Stefano Rivera |
attachment added |
|
pypy3-jammy.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627840/+files/pypy3-jammy.debdiff |
|
| 2022-10-30 10:05:01 |
Stefano Rivera |
attachment added |
|
pypy3-kinetic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627841/+files/pypy3-kinetic.debdiff |
|
| 2022-10-30 10:27:07 |
Stefano Rivera |
attachment added |
|
pysha3-bionic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627842/+files/pysha3-bionic.debdiff |
|
| 2022-10-30 10:27:31 |
Stefano Rivera |
attachment added |
|
pysha3-focal.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627843/+files/pysha3-focal.debdiff |
|
| 2022-10-30 10:27:58 |
Stefano Rivera |
attachment added |
|
pysha3-jammy.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627844/+files/pysha3-jammy.debdiff |
|
| 2022-10-30 10:28:27 |
Stefano Rivera |
attachment added |
|
pysha3-kinetic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627845/+files/pysha3-kinetic.debdiff |
|
| 2022-10-30 10:29:22 |
Stefano Rivera |
pypy3 (Ubuntu Focal): status |
New |
Confirmed |
|
| 2022-10-30 10:29:41 |
Stefano Rivera |
pypy3 (Ubuntu Jammy): status |
New |
Confirmed |
|
| 2022-10-30 10:30:05 |
Stefano Rivera |
pypy3 (Ubuntu Kinetic): status |
New |
Confirmed |
|
| 2022-10-30 10:30:32 |
Stefano Rivera |
pysha3 (Ubuntu Bionic): status |
New |
Confirmed |
|
| 2022-10-30 10:30:35 |
Stefano Rivera |
pysha3 (Ubuntu Focal): status |
New |
Confirmed |
|
| 2022-10-30 10:30:38 |
Stefano Rivera |
pysha3 (Ubuntu Jammy): status |
New |
Confirmed |
|
| 2022-10-30 10:30:42 |
Stefano Rivera |
pysha3 (Ubuntu Kinetic): status |
New |
Confirmed |
|
| 2022-10-30 10:36:52 |
Stefano Rivera |
description |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' |
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
Testing:
python3.X/pypy3:
import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
pysha3:
import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \
h.update(b'\x01'*0xffff_ffff); \
assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
For pypy3 and pysha3, I have:
1. Verified the issues exist in the current packages, with the above tests.
2. Built the packages with the attached patches
3. Verified that the packages upgrade
4. Verified the security issues are resolved, with the above tests. |
|
| 2022-10-30 10:37:09 |
Stefano Rivera |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2022-11-15 01:24:17 |
Steve Beattie |
pypy3 (Ubuntu Lunar): status |
New |
Fix Committed |
|
| 2022-11-15 01:24:32 |
Steve Beattie |
pypy3 (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:24:45 |
Steve Beattie |
pypy3 (Ubuntu Focal): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:25:03 |
Steve Beattie |
pypy3 (Ubuntu Jammy): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:25:03 |
Steve Beattie |
pypy3 (Ubuntu Jammy): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:25:18 |
Steve Beattie |
pypy3 (Ubuntu Kinetic): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:25:18 |
Steve Beattie |
pypy3 (Ubuntu Kinetic): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:25:36 |
Steve Beattie |
pysha3 (Ubuntu Bionic): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:25:36 |
Steve Beattie |
pysha3 (Ubuntu Bionic): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:25:51 |
Steve Beattie |
pysha3 (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:25:51 |
Steve Beattie |
pysha3 (Ubuntu Focal): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:26:07 |
Steve Beattie |
pysha3 (Ubuntu Jammy): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:26:07 |
Steve Beattie |
pysha3 (Ubuntu Jammy): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-11-15 01:26:32 |
Steve Beattie |
pysha3 (Ubuntu Kinetic): status |
Confirmed |
In Progress |
|
| 2022-11-15 01:26:32 |
Steve Beattie |
pysha3 (Ubuntu Kinetic): assignee |
|
Steve Beattie (sbeattie) |
|
| 2022-12-31 17:01:09 |
Launchpad Janitor |
pypy3 (Ubuntu Lunar): status |
Fix Committed |
Fix Released |
|
| 2023-02-28 15:54:02 |
Dimitri John Ledkov |
attachment added |
|
python3.6-bionic.debdiff https://bugs.launchpad.net/ubuntu/+source/pysha3/+bug/1995197/+attachment/5650496/+files/python3.6-bionic.debdiff |
|
| 2023-03-06 13:46:17 |
Launchpad Janitor |
python3.6 (Ubuntu Bionic): status |
New |
Fix Released |
|
| 2023-03-06 13:46:17 |
Launchpad Janitor |
cve linked |
|
2022-37454 |
|
| 2023-08-04 18:23:17 |
Andreas Hasenack |
bug task deleted |
pysha3 (Ubuntu Lunar) |
|
|
| 2023-08-04 18:23:37 |
Andreas Hasenack |
pysha3 (Ubuntu Kinetic): status |
In Progress |
Won't Fix |
|
| 2023-08-10 17:59:46 |
Utkarsh Gupta |
pypy3 (Ubuntu Kinetic): status |
In Progress |
Won't Fix |
|
| 2023-08-28 22:59:24 |
Mathew Hodson |
bug task deleted |
pysha3 (Ubuntu) |
|
|
