4 matches found
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
PT-2025-25762 · Unknown · Conda-Smithy
Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.47.1 Description: The issue results from the use of an outdated and insecure padding scheme during RSA encryption in the travis encrypt binstar token implementation. A malicious actor with access to an oracle...