From Newsgroup: comp.lang.python.announce
PyCA cryptography 46.0.0 has been released to PyPI. cryptography includes
both high level recipes and low level interfaces to common
cryptographic algorithms
such as symmetric ciphers, asymmetric algorithms, message digests, X.509,
key derivation functions, and much more. We support Python 3.8+, and PyPy3 3.11.
Changelog (
https://cryptography.io/en/latest/changelog/#v46-0-5)
* An attacker could create a malicious public key that reveals portions of
your private key when using certain uncommon elliptic curves (binary
curves). This version now includes additional security checks to prevent
this attack. This issue only affects binary elliptic curves, which are
rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for
reporting the issue. **CVE-2026-26007**
* Support for SECT binary elliptic curves is deprecated and will be removed
in the next release.
-Paul Kehrer (reaperhulk)
--- Synchronet 3.21b-Linux NewsLink 1.2