Date: Tue, 23 Feb 2021 10:40:52 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 253711] security/py-openssl issues while running certbot after 20.0.1 upgrade Message-ID: <bug-253711-7788-Iv5BwzTNzJ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253711-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-253711-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253711 Matthew Seaman <matthew@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthew@FreeBSD.org --- Comment #5 from Matthew Seaman <matthew@FreeBSD.org> --- If the issue with py-cryptography becoming dependent on a rust toolchain is= a=20 blocker, then a compromise might be to update py-cryptography to version 3.= 3.2 (Released on 2021-02-07) which is the last version before the rust depend= ency was introduced. See: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst Note that was also a security fix / workaround for CVE-2020-36242, CVE-2021-23840 -- but those could also be fixed by upgrading to openssl-1.1= .1j --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253711-7788-Iv5BwzTNzJ>