chore: [SECURITY] Bump PyNaCL #3281

Open
Paillat-dev wants to merge 1 commit into master from Paillat-dev-patch-1

@Paillat-dev

Member

Summary

See https://nvd.nist.gov/vuln/detail/CVE-2025-69277

Information

  • This PR fixes an issue.
  • This PR adds something new (e.g. new method or parameters).
  • This PR is a breaking change (e.g. methods or parameters removed/renamed).
  • This PR is not a code change (e.g. documentation, README, typehinting,
    examples, ...).

Checklist

  • I have searched the open pull requests for duplicates.
  • If code changes were made then they have been tested.
    • I have updated the documentation to reflect the changes.
  • If type: ignore comments were used, a comment is also left explaining why.
  • I have updated the changelog to include these changes.
  • AI Usage has been disclosed.
    • If AI has been used, I understand fully what the code does

Signed-off-by: Paillat <paillat@pycord.dev>
@Paillat-dev Paillat-dev requested review from a team June 19, 2026 19:03
@github-project-automation github-project-automation Bot moved this to Todo in Pycord Jun 19, 2026
@Paillat-dev Paillat-dev requested a review from Lulalaby June 19, 2026 19:03
@Paillat-dev Paillat-dev requested a review from a team as a code owner June 19, 2026 19:03
@pycord-app

pycord-app Bot commented Jun 19, 2026

Thanks for opening this pull request!
Please make sure you have read the Contributing Guidelines and Code of Conduct.

This pull request can be checked-out with:

git fetch origin pull/3281/head:pr-3281
git checkout pr-3281

This pull request can be installed with:

pip install git+https://github.com/Pycord-Development/pycord@refs/pull/3281/head

@JustaSqu1d JustaSqu1d left a comment

Member

no

@vmphase

vmphase commented Jun 20, 2026

FYI, you're not even affected by this CVE. The vulnerability itself is in libsodium's crypto_core_ed25519_is_valid_point, but pycord's pynacl usage is through nacl.secret.SecretBox (XSalsa20-Poly1305) for RTP packet encryption, which never touches the Ed25519 codepath where the bug lives.
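
The reachability argument in the comment above can be checked mechanically. This is an added example, not part of the PR or of pycord's code: it lists which `nacl` modules a source file imports and flags direct references to the function the comment names. The function name `nacl_usage` and both sample sources are constructed for illustration.

```python
import ast

# Function the comment above names as the location of the bug.
AFFECTED = "crypto_core_ed25519_is_valid_point"

def nacl_usage(source: str) -> dict:
    """Report nacl imports and direct references to AFFECTED in Python source."""
    modules, names, hits = set(), set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] == "nacl":
                    modules.add(alias.name)
        elif isinstance(node, ast.ImportFrom):
            # Absolute imports only; relative imports cannot name the nacl package.
            if node.level == 0 and node.module and node.module.split(".")[0] == "nacl":
                modules.add(node.module)
                for alias in node.names:
                    names.add(alias.name)
                    if alias.name == AFFECTED:
                        hits.add(node.lineno)
        elif isinstance(node, ast.Attribute) and node.attr == AFFECTED:
            hits.add(node.lineno)
        elif isinstance(node, ast.Name) and node.id == AFFECTED:
            hits.add(node.lineno)
    return {"modules": sorted(modules), "names": sorted(names),
            "affected_lines": sorted(hits)}

# Constructed samples, not taken from pycord or any other project.
SECRETBOX_ONLY = '''
import nacl.secret

def seal(key, nonce, payload):
    return nacl.secret.SecretBox(key).encrypt(payload, nonce)
'''

DIRECT_CALL = '''
from nacl import bindings

def check(point):
    return bindings.crypto_core_ed25519_is_valid_point(point)
'''

if __name__ == "__main__":
    for label, src in (("SECRETBOX_ONLY", SECRETBOX_ONLY), ("DIRECT_CALL", DIRECT_CALL)):
        print(label, nacl_usage(src))
```

The scan sees only direct references in the source it is given; anything PyNaCl or libsodium calls internally on the caller's behalf is outside its view.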
