PyPi: Homeassistant

CVE-2023-2975

Transitive

Safety vulnerability ID: 60230

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 14, 2023. Updated at Nov 22, 2024.

Advisory

Homeassistant 2023.8.1 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.
https://github.com/home-assistant/core/pull/97611

Affected package

homeassistant

Latest version: 2024.11.3

Open-source home automation platform running on Python 3.

Affected versions

Fixed versions

Vulnerability changelog

- Raise PlatformNotReady on initial OwnTone connection failure ([uvjustin] - [97257]) ([forked_daapd docs])
- Add overkiz battery sensor level medium ([matthieume] - [97472]) ([overkiz docs])
- Fix ZHA `turn_on` issues with `transition=0`, improve tests ([TheJulianJES] - [97539]) ([zha docs])
- Bump pyDuotecno to 2023.8.1 ([Cereal2nd] - [97583]) ([duotecno docs]) (dependency)
- Bump Cryptography to 41.0.3 for a second security fix ([blastoise186] - [97611]) (dependency)
- Waqi State unknown if value is string ([joostlek] - [97617]) ([waqi docs])
- Bump dbus-fast to 1.90.1 ([bdraco] - [97619]) ([bluetooth docs]) (dependency)
- Bump python-roborock to 0.31.1 ([Lash-L] - [97632]) ([roborock docs]) (dependency)
- Bump intents to 2023.8.2 ([synesthesiam] - [97636]) ([conversation docs]) (dependency)
- Add device naming to Yeelight ([joostlek] - [97639]) ([yeelight docs])
- Fix typo in tplink OUI ([bdraco] - [97644]) ([tplink docs])
- Revert "Add device naming to Yeelight" ([joostlek] - [97647]) ([yeelight docs])
- Enable the `PRESET_MODE` `FanEntityFeature` for VeSync air purifiers ([DuckyCrayfish] - [97657]) ([vesync docs])
- Fix tplink child plug state reporting ([bdraco] - [97658]) ([tplink docs])
- Fix date and timestamp device class in Command Line Sensor ([gjohansson-ST] - [97663]) ([command_line docs])
- Bump zeroconf to 0.72.3 ([bdraco] - [97668]) ([zeroconf docs]) (dependency)
- Bump pyatv to 0.13.3 ([bdraco] - [97670]) ([apple_tv docs]) (dependency)
- Fix color mode attribute for both official and non official Hue lights ([marcelveldt] - [97683]) ([hue docs])
- Fix UniFi image platform not loading when passphrase is missing from WLAN ([Kane610] - [97684]) ([unifi docs])
- Fix Kostal_Plenticore SELECT entities using device_info correctly ([N3rdix] - [97690]) ([kostal_plenticore docs])
- Fix freebox enumerate raid disks ([cyr-ius] - [97696]) ([freebox docs])
- Fix allow_name_translation logic ([amitfin] - [97701])
- Fix NWS twice_daily forecast day/night detection ([karwosts] - [97703]) ([nws docs])
- Bump opower to 0.0.19 ([tronikos] - [97706]) ([opower docs]) (dependency)
- Fix detection of client wan-access rule in AVM Fritz!Box Tools ([mib1185] - [97708]) ([fritz docs])
- Fix unloading KNX integration without sensors ([farmio] - [97720]) ([knx docs])
- Update zigpy to 0.56.3 ([cdce8p] - [97480]) ([zha docs]) (dependency)
- Bump zigpy to 0.56.4 ([TheJulianJES] - [97722]) ([zha docs]) (dependency)
- Fix keymitt_ble RuntimeWarning ([cdce8p] - [97729]) ([keymitt_ble docs])
- Bump zeroconf to 0.74.0 ([bdraco] - [97745]) ([zeroconf docs]) (dependency)
- Avoid calling the http access logging when logging is disabled in emulated_hue ([bdraco] - [97750]) ([emulated_hue docs])
- Bump opower to 0.0.20 ([tronikos] - [97752]) ([opower docs]) (dependency)
- Bump pyduotecno to 2023.8.3 ([Cereal2nd] - [97759]) ([duotecno docs]) (dependency)
- Add has entity name to Solarlog ([joostlek] - [97764]) ([solarlog docs])
- Fix WAQI being zero ([joostlek] - [97767]) ([waqi docs])

[97257]: https://github.com/home-assistant/core/pull/97257
[97472]: https://github.com/home-assistant/core/pull/97472
[97480]: https://github.com/home-assistant/core/pull/97480
[97539]: https://github.com/home-assistant/core/pull/97539
[97583]: https://github.com/home-assistant/core/pull/97583
[97609]: https://github.com/home-assistant/core/pull/97609
[97611]: https://github.com/home-assistant/core/pull/97611
[97617]: https://github.com/home-assistant/core/pull/97617
[97619]: https://github.com/home-assistant/core/pull/97619
[97632]: https://github.com/home-assistant/core/pull/97632
[97636]: https://github.com/home-assistant/core/pull/97636
[97639]: https://github.com/home-assistant/core/pull/97639
[97644]: https://github.com/home-assistant/core/pull/97644
[97647]: https://github.com/home-assistant/core/pull/97647
[97657]: https://github.com/home-assistant/core/pull/97657
[97658]: https://github.com/home-assistant/core/pull/97658
[97663]: https://github.com/home-assistant/core/pull/97663
[97668]: https://github.com/home-assistant/core/pull/97668
[97670]: https://github.com/home-assistant/core/pull/97670
[97683]: https://github.com/home-assistant/core/pull/97683
[97684]: https://github.com/home-assistant/core/pull/97684
[97690]: https://github.com/home-assistant/core/pull/97690
[97696]: https://github.com/home-assistant/core/pull/97696
[97701]: https://github.com/home-assistant/core/pull/97701
[97703]: https://github.com/home-assistant/core/pull/97703
[97706]: https://github.com/home-assistant/core/pull/97706
[97708]: https://github.com/home-assistant/core/pull/97708
[97720]: https://github.com/home-assistant/core/pull/97720
[97722]: https://github.com/home-assistant/core/pull/97722
[97729]: https://github.com/home-assistant/core/pull/97729
[97745]: https://github.com/home-assistant/core/pull/97745
[97750]: https://github.com/home-assistant/core/pull/97750
[97752]: https://github.com/home-assistant/core/pull/97752
[97759]: https://github.com/home-assistant/core/pull/97759
[97764]: https://github.com/home-assistant/core/pull/97764
[97767]: https://github.com/home-assistant/core/pull/97767
[Cereal2nd]: https://github.com/Cereal2nd
[DuckyCrayfish]: https://github.com/DuckyCrayfish
[Kane610]: https://github.com/Kane610
[Lash-L]: https://github.com/Lash-L
[N3rdix]: https://github.com/N3rdix
[TheJulianJES]: https://github.com/TheJulianJES
[amitfin]: https://github.com/amitfin
[bdraco]: https://github.com/bdraco
[blastoise186]: https://github.com/blastoise186
[cdce8p]: https://github.com/cdce8p
[cyr-ius]: https://github.com/cyr-ius
[farmio]: https://github.com/farmio
[frenck]: https://github.com/frenck
[gjohansson-ST]: https://github.com/gjohansson-ST
[joostlek]: https://github.com/joostlek
[karwosts]: https://github.com/karwosts
[marcelveldt]: https://github.com/marcelveldt
[matthieume]: https://github.com/matthieume
[mib1185]: https://github.com/mib1185
[synesthesiam]: https://github.com/synesthesiam
[tronikos]: https://github.com/tronikos
[uvjustin]: https://github.com/uvjustin
[apple_tv docs]: https://www.home-assistant.io/integrations/apple_tv/
[bluetooth docs]: https://www.home-assistant.io/integrations/bluetooth/
[command_line docs]: https://www.home-assistant.io/integrations/command_line/
[conversation docs]: https://www.home-assistant.io/integrations/conversation/
[duotecno docs]: https://www.home-assistant.io/integrations/duotecno/
[emulated_hue docs]: https://www.home-assistant.io/integrations/emulated_hue/
[forked_daapd docs]: https://www.home-assistant.io/integrations/forked_daapd/
[freebox docs]: https://www.home-assistant.io/integrations/freebox/
[fritz docs]: https://www.home-assistant.io/integrations/fritz/
[hue docs]: https://www.home-assistant.io/integrations/hue/
[keymitt_ble docs]: https://www.home-assistant.io/integrations/keymitt_ble/
[knx docs]: https://www.home-assistant.io/integrations/knx/
[kostal_plenticore docs]: https://www.home-assistant.io/integrations/kostal_plenticore/
[nws docs]: https://www.home-assistant.io/integrations/nws/
[opower docs]: https://www.home-assistant.io/integrations/opower/
[overkiz docs]: https://www.home-assistant.io/integrations/overkiz/
[roborock docs]: https://www.home-assistant.io/integrations/roborock/
[solarlog docs]: https://www.home-assistant.io/integrations/solarlog/
[tplink docs]: https://www.home-assistant.io/integrations/tplink/
[unifi docs]: https://www.home-assistant.io/integrations/unifi/
[vesync docs]: https://www.home-assistant.io/integrations/vesync/
[waqi docs]: https://www.home-assistant.io/integrations/waqi/
[yeelight docs]: https://www.home-assistant.io/integrations/yeelight/
[zeroconf docs]: https://www.home-assistant.io/integrations/zeroconf/
[zha docs]: https://www.home-assistant.io/integrations/zha/

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3

- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): NONE
- Integrity Impact (I): LOW
- Availability Impact (A): NONE