Hi Luis,
After more analysis, we found that CVE-2023-49083 is actually affecting the cryptography-3.4.7 version. We are working on backporting the fix and will upload it to the AIX toolbox soon.
------------------------------
Harshith K A
------------------------------
Original Message:
Sent: Wed February 07, 2024 04:06 AM
From: Harshith K A
Subject: Current cryptography version is affected by CVE-2023-49083
Hi Luis,
The cryptography-3.4.7 version is not affected by CVE-2023-49083. This CVE affects the recent releases. We are not moving to the recent releases because of the Rust requirement.
------------------------------
Harshith K A
Original Message:
Sent: Tue February 06, 2024 06:18 PM
From: LUIS ABDEL AGUILAR JURADO
Subject: Current cryptography version is affected by CVE-2023-49083
Hi Team,
Is cryptography-3.4.7-4 affected by CVE-2023-49083? Is the fix for this vulnerability in scope? Is there an ETA?
Security issue description PocC: NULL-dereference when loading PKCS7 certificates
Regards
------------------------------
LUIS ABDEL AGUILAR JURADO
------------------------------