Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
Control: tags -1 + moreinfo
On Thu, 2016-12-29 at 23:15 +0100, Sebastian Ramacher wrote:
> I'd like to fix CVE-2013-7459 (#849495) in jessie via the next point release.
> The issue was marked as no-dsa.
>
> The proposed debdiff is attached. The same patch was applied to the package in
> unstable.
+ * Throw exception when IV is used with ECB or CTR (CVE-2013-7459)
Do we know if any packages currently in Debian misuse the functions in
that way? (I realise that any that do are broken, but I'd prefer to find
that out /before/ releasing an point release that makes them explode if
possible.)
Regards,
Adam
Reply to: