Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-34073

created 2 weeks ago

cryptography has incomplete DNS name constraint enforcement on peer names

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

References

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43 x_refsource_CONFIRM

Affected products

cryptography

==< 46.0.6

Matching in nixpkgs

pkgs.python312Packages.cryptography

Package which provides cryptographic recipes and primitives

nixos-25.11 46.0.5
- nixos-25.11-small 46.0.5
- nixpkgs-25.11-darwin 46.0.5

pkgs.python313Packages.cryptography

Package which provides cryptographic recipes and primitives

nixos-unstable 46.0.5
- nixpkgs-unstable 46.0.5
- nixos-unstable-small 46.0.5
nixos-25.11 46.0.5
- nixos-25.11-small 46.0.5
- nixpkgs-25.11-darwin 46.0.5

pkgs.python314Packages.cryptography

Package which provides cryptographic recipes and primitives

nixos-unstable 46.0.5
- nixpkgs-unstable 46.0.5
- nixos-unstable-small 46.0.5

pkgs.python312Packages.django-cryptography

Set of primitives for performing cryptography in Django

nixos-25.11 1.1
- nixos-25.11-small 1.1
- nixpkgs-25.11-darwin 1.1

pkgs.python313Packages.django-cryptography

Set of primitives for performing cryptography in Django

nixos-unstable 1.1-unstable-2024-02-16
- nixpkgs-unstable 1.1-unstable-2024-02-16
- nixos-unstable-small 1.1-unstable-2024-02-16
nixos-25.11 1.1
- nixos-25.11-small 1.1
- nixpkgs-25.11-darwin 1.1

pkgs.python314Packages.django-cryptography

Set of primitives for performing cryptography in Django

nixos-unstable 1.1-unstable-2024-02-16
- nixpkgs-unstable 1.1-unstable-2024-02-16
- nixos-unstable-small 1.1-unstable-2024-02-16

pkgs.python312Packages.mypy-boto3-payment-cryptography

Type annotations for boto3 payment-cryptography

nixos-25.11 boto3-payment-cryptography-1.41.0
- nixos-25.11-small boto3-payment-cryptography-1.41.0
- nixpkgs-25.11-darwin boto3-payment-cryptography-1.41.0

pkgs.python313Packages.mypy-boto3-payment-cryptography

Type annotations for boto3 payment-cryptography

nixos-unstable boto3-payment-cryptography-1.42.12
- nixpkgs-unstable boto3-payment-cryptography-1.42.12
- nixos-unstable-small boto3-payment-cryptography-1.42.12
nixos-25.11 boto3-payment-cryptography-1.41.0
- nixos-25.11-small boto3-payment-cryptography-1.41.0
- nixpkgs-25.11-darwin boto3-payment-cryptography-1.41.0

pkgs.python314Packages.mypy-boto3-payment-cryptography

Type annotations for boto3 payment-cryptography

nixos-unstable boto3-payment-cryptography-1.42.12
- nixpkgs-unstable boto3-payment-cryptography-1.42.12
- nixos-unstable-small boto3-payment-cryptography-1.42.12

pkgs.python312Packages.mypy-boto3-payment-cryptography-data

Type annotations for boto3 payment-cryptography-data

nixos-25.11 boto3-payment-cryptography-data-1.41.0
- nixos-25.11-small boto3-payment-cryptography-data-1.41.0
- nixpkgs-25.11-darwin boto3-payment-cryptography-data-1.41.0

pkgs.python313Packages.mypy-boto3-payment-cryptography-data

Type annotations for boto3 payment-cryptography-data

nixos-unstable boto3-payment-cryptography-data-1.42.12
- nixpkgs-unstable boto3-payment-cryptography-data-1.42.12
- nixos-unstable-small boto3-payment-cryptography-data-1.42.12
nixos-25.11 boto3-payment-cryptography-data-1.41.0
- nixos-25.11-small boto3-payment-cryptography-data-1.41.0
- nixpkgs-25.11-darwin boto3-payment-cryptography-data-1.41.0

pkgs.python314Packages.mypy-boto3-payment-cryptography-data

Type annotations for boto3 payment-cryptography-data

nixos-unstable boto3-payment-cryptography-data-1.42.12
- nixpkgs-unstable boto3-payment-cryptography-data-1.42.12
- nixos-unstable-small boto3-payment-cryptography-data-1.42.12

pkgs.python312Packages.types-aiobotocore-payment-cryptography

Type annotations for aiobotocore payment-cryptography

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-payment-cryptography

Type annotations for aiobotocore payment-cryptography

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python312Packages.types-aiobotocore-payment-cryptography-data

Type annotations for aiobotocore payment-cryptography-data

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-payment-cryptography-data

Type annotations for aiobotocore payment-cryptography-data

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Package maintainers

@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@centromere Alex Wied <nix@centromere.net>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@mdaniels5757 Michael Daniels <nix@mdaniels.me>