Affected by CVE-2022-37454
stefanor opened this issue
Clearly this backport module is unmaintained these days. But there are still things using it (like https://github.com/opentimestamps/python-opentimestamps).
There was a security issue (CVE-2022-37454) found in the Keccak implementation bundled, see: python/cpython#98527
Yes, this package is affected by the buffer overflow. However I'm retiring the project. Any project should use SHA-3 from Python's hashlib module instead.
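One way to locate code that still imports the retired backport, so it can be moved to `hashlib` as recommended above. This is an added example, not code from this thread or the project. It assumes the backport is imported under the module name `sha3`, and the sample source is constructed.

```python
import ast
import hashlib

# Assumption: the retired backport is imported under the module name "sha3".
BACKPORT_MODULE = "sha3"


def find_backport_imports(source, filename="<constructed>"):
    """Return sorted (line, name, has_hashlib_equivalent) tuples.

    has_hashlib_equivalent is None for a whole-module import, otherwise
    True/False depending on whether hashlib guarantees that algorithm name.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] == BACKPORT_MODULE:
                    findings.append((node.lineno, alias.name, None))
        elif isinstance(node, ast.ImportFrom):
            # level > 0 is a relative import of a local module, not the backport.
            if node.level == 0 and node.module and \
                    node.module.split(".")[0] == BACKPORT_MODULE:
                for alias in node.names:
                    known = alias.name in hashlib.algorithms_guaranteed
                    findings.append((node.lineno, alias.name, known))
    return sorted(findings, key=lambda f: f[:2])


# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import hashlib
import sha3
from sha3 import sha3_256, keccak_256
from . import sha3 as local_helper
'''

if __name__ == "__main__":
    for line, name, known in find_backport_imports(SAMPLE):
        if known is None:
            advice = "module import: review every attribute used from it"
        elif known:
            advice = "replace with hashlib." + name
        else:
            advice = "no hashlib equivalent: needs separate review"
        print(f"line {line}: {name}: {advice}")
```

Names that `hashlib` does not guarantee are flagged rather than rewritten, since they have no drop-in replacement there.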