[Security] Bump cryptography from 41.0.1 to 41.0.2

HIFIS Bot requested to merge dependabot-pip-cryptography-41.0.2 into main

Bumps cryptography from 41.0.1 to 41.0.2. This update includes a security fix.

Vulnerabilities fixed

cryptography mishandles SSH certificates

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Patched versions: 41.0.2

Affected versions: < 41.0.2

Changelog

Sourced from cryptography's changelog.

41.0.2 - 2023-07-10


* Fixed bugs in creating and parsing SSH certificates where critical options
  with values were handled incorrectly. Certificates are now created correctly
  and parsing accepts correct values as well as the previously generated
  invalid forms with a warning. In the next release, support for parsing these
  invalid forms will be removed.