PublicDateAtUSN: 2016-11-09
Candidate: CVE-2016-9243
PublicDate: 2017-03-27 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243
 http://www.openwall.com/lists/oss-security/2016/11/08/6
 https://ubuntu.com/security/notices/USN-3138-1
Description:
 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with
 a length less than algorithm.digest_size.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/pyca/cryptography/issues/3211
Priority: medium
Discovered-by: Markus Döring
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_python-cryptography:
 upstream: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
upstream_python-cryptography: released (1.5.3-1)
precise_python-cryptography: DNE
trusty_python-cryptography: DNE
trusty/esm_python-cryptography: DNE
vivid/stable-phone-overlay_python-cryptography: DNE
vivid/ubuntu-core_python-cryptography: DNE
xenial_python-cryptography: released (1.2.3-1ubuntu0.1)
esm-infra/xenial_python-cryptography: released (1.2.3-1ubuntu0.1)
yakkety_python-cryptography: released (1.5-2ubuntu0.1)
devel_python-cryptography: not-affected (1.5.3-1)