[GH-ISSUE #69] Replace ecdsa with cryptography #1

Closed
opened 2026-02-28 01:19:06 +03:00 by kerem · 0 comments
Owner

Originally created by @dotlambda on GitHub (Nov 26, 2025).
Original GitHub issue: https://github.com/tr4nt0r/python-xbox/issues/69

The ecdsa package is vulnerable to CVE-2024-23342 and shouldn't be used anyway:

> I don't want people to use this library in production environments...
>
> It's a teaching tool, it's a testing tool, it's absolutely not a production grade implementation.
> I maintain it to have support for ECDH and ECDSA in tlsfuzzer, which I need to be first and foremost portable. Security does not even enter a picture for that tool.[^1]


[^1]: https://github.com/tlsfuzzer/python-ecdsa/issues/330
kerem closed this issue 2026-02-28 01:19:07 +03:00