[ubuntu/focal-security] cryptojs 3.1.2+dfsg-2ubuntu0.20.04.1 (Accepted)
Emilia Torino
emilia.torino at canonical.com
Thu Apr 25 15:24:09 UTC 2024
cryptojs (3.1.2+dfsg-2ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: weak hash algorithm (SHA1) and iterations (1) in PBKDF2.
- debian/build: include SHA256 as dependency instead of SHA1.
- debian/patches/CVE-2023-46233.patch: modify default PBKDF2 configurations
to use SHA256 and 250k iterations.
- CVE-2023-46233.
Date: 2024-04-24 15:53:09.899587+00:00
Changed-By: Federico Quattrin <federico.quattrin at canonical.com>
Signed-By: Emilia Torino <emilia.torino at canonical.com>
https://launchpad.net/ubuntu/+source/cryptojs/3.1.2+dfsg-2ubuntu0.20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list