[AUTOPATCHER-CORE] Upgrade python-ecdsa to 0.19.2 for CVE-2026-33936 (#16343)

CBL-Mariner-Bot · Kanishk Bansal · jslobodzian · web-flow · commit d7ca6c212bb4 · 2026-04-07T12:44:54.000-04:00
Signed-off-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: jslobodzian &lt;joslobo@microsoft.com&gt;
diff --git a/SPECS/python-ecdsa/308.patch b/SPECS/python-ecdsa/308.patch
diff --git a/SPECS/python-ecdsa/python-ecdsa.signatures.json b/SPECS/python-ecdsa/python-ecdsa.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "python-ecdsa-0.18.0.tar.gz": "5d33bcc7c45be2d0bf0bd7d3a1e6502fac16efde1b69bc988c9a3ee7680c17d7"
+    "python-ecdsa-0.19.2.tar.gz": "4b5fa1dfa5de5bb4f5a9872d6e8b2ad53b236a71b3369690d3b9625b24f73d80"
   }
 }
diff --git a/SPECS/python-ecdsa/python-ecdsa.spec b/SPECS/python-ecdsa/python-ecdsa.spec
@@ -1,14 +1,13 @@
 Summary:        ECDSA cryptographic signature library (pure python)
 Name:           python-ecdsa
-Version:        0.18.0
-Release:        2%{?dist}
+Version:        0.19.2
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Security
 URL:            https://pypi.python.org/pypi/ecdsa
 Source0:        https://github.com/tlsfuzzer/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz
-Patch0:         308.patch
 BuildRequires:  openssl
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
@@ -56,6 +55,10 @@ into other protocols.
 %{python3_sitelib}/*
 
 %changelog
+* Sat Mar 28 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 0.19.2-1
+- Auto-upgrade to 0.19.2 - for CVE-2026-33936
+- Remove PR-308 patch.
+
 * Tue Apr 15 2024 Riken Maharjan <rmaharjan@microsoft.com> - 0.18.0-2
 - Fix Ptest by importing 308 patch from Fedora (License:MIT)
 - Add missing test packages
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -22833,8 +22833,8 @@
         "type": "other",
         "other": {
           "name": "python-ecdsa",
-          "version": "0.18.0",
-          "downloadUrl": "https://github.com/tlsfuzzer/python-ecdsa/archive/refs/tags/python-ecdsa-0.18.0.tar.gz"
+          "version": "0.19.2",
+          "downloadUrl": "https://github.com/tlsfuzzer/python-ecdsa/archive/refs/tags/python-ecdsa-0.19.2.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "python-ecdsa-0.18.0.tar.gz": "5d33bcc7c45be2d0bf0bd7d3a1e6502fac16efde1b69bc988c9a3ee7680c17d7"`
	`3`	`+ "python-ecdsa-0.19.2.tar.gz": "4b5fa1dfa5de5bb4f5a9872d6e8b2ad53b236a71b3369690d3b9625b24f73d80"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22833,8 +22833,8 @@`
`22833`	`22833`	`"type": "other",`
`22834`	`22834`	`"other": {`
`22835`	`22835`	`"name": "python-ecdsa",`
`22836`		`- "version": "0.18.0",`
`22837`		`- "downloadUrl": "https://github.com/tlsfuzzer/python-ecdsa/archive/refs/tags/python-ecdsa-0.18.0.tar.gz"`
	`22836`	`+ "version": "0.19.2",`
	`22837`	`+ "downloadUrl": "https://github.com/tlsfuzzer/python-ecdsa/archive/refs/tags/python-ecdsa-0.19.2.tar.gz"`
`22838`	`22838`	`}`
`22839`	`22839`	`}`
`22840`	`22840`	`},`