Format: 1.8
Date: Wed, 24 Apr 2024 11:46:50 -0300
Source: cryptojs
Architecture: source
Version: 3.1.2+dfsg-2ubuntu0.20.04.1
Distribution: focal-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Federico Quattrin <federico.quattrin@canonical.com>
Changes:
 cryptojs (3.1.2+dfsg-2ubuntu0.20.04.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: weak hash algorithm (SHA1) and iterations (1) in PBKDF2.
     - debian/build: include SHA256 as dependency instead of SHA1.
     - debian/patches/CVE-2023-46233.patch: modify default PBKDF2 configurations
       to use SHA256 and 250k iterations.
     - CVE-2023-46233.
Checksums-Sha1:
 ade92df351f7033f8f7b0595c9c04fd5ea119fc1 2096 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.dsc
 d4a1b2b48d2a139f283868d3ce9402a14c0bcfa9 4508 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.debian.tar.xz
 a21151c70105380c15ef09c50dd0fe3e2c4eb436 7680 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1_source.buildinfo
Checksums-Sha256:
 c8b271442d1d9a59af652daa31b57ebbc66af39062ec9b168d7c68a3b6f090ce 2096 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.dsc
 d214551e0e67890a6bcc061658e48aea5e445c8313a9f87a884ee0db1e4457e2 4508 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.debian.tar.xz
 a7337d1d05b6c9213a3782f01f8e45f6ced0ee344ea1b794b6f4195ba95753eb 7680 cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1_source.buildinfo
Files:
 7df327b111e3c779ef3c2b30e7a46a74 2096 web extra cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.dsc
 03cd19f3361e7050492a98d1b035d6e2 4508 web extra cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.debian.tar.xz
 117e38844581633f96075a7af6b1f649 7680 web extra cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>