[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 773-2] python-crypto regression update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : python-crypto
Version        : 2.6-4+deb7u5
CVE ID         : CVE-2013-7459
Debian Bug     : #849495, #850025, #850077

It was discovered that there was a regression in the recent update to
python-crypto, a cryptographic algorithms and protocols for Python.

We now raise a warning (not an error) on invalid input to avoid regressions in
python-paramiko, duplicity. etc. introduced in in 2.6-4+deb7u4. Thanks to
Salvatore Bonaccorso and Sebastian Ramacher.

For Debian 7 "Wheezy", this issue has been fixed in python-crypto version
2.6-4+deb7u5.

We recommend that you upgrade your python-crypto packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhtLhMACgkQHpU+J9Qx
HljBqA//Wf9zoLNknEIOAH07GZSzrntPhaAYZzFA60BlfCjFmZHPp228T2A0QN3Y
XAQEvuFR6xiiMAtmyACZcN73ry0C0lXm4ITl0cIqVf1plzymQP3XyTTxaWeoB+Bt
Z8Z84EWR83MHDZXvH1893kkuZRIC4mgrACpP1AYnM+viYB7cS34kegi0FmUHzPxq
UzF/98TqnPiKym/46y2PyEYz/kitJe98hL5I3rgbihGZJrbBXLOcbbhzKDBMcfUM
bQ91YxqnaDyf/7/ZknjSHj1DEqsKMSDSmysj8j3Tjp4SCKG8W9S2vOBJ3aQuWI+K
6OZ2YeOgiLnruhTNx8KP8DTCFobZPFokFWDab5n0qfLnojPYwPsc3MyEfmmZ9EOa
dChGGSf+0sgaIzPm7MW0Qb4nsIYDnGeux53WAPcqiXh1d5CQ8C/7w+N9jUr2cFGa
0j705MCQ9SxQsGIXiOkfeSEMkMQccIa6aXah5pI+aGOzpXnBJW2PUJYAIaovVySd
YoB9DPOpLqJxL5zpcz+JsSoi5GOtrsWtwigm5l579AyNOGQEDvvDmTmCQB2F2VCs
Ybr3+wvIQ07kqXKyHbDGOmhfcngEJjoTG7V8aMG6DwbpXJBFIPXjyjRI4IdCSwkN
ZOhyPo59igJErR4lNEsQ0oaCjbV08eo7jzneRaLDMfDZfVJDLxE=
=ohV5
-----END PGP SIGNATURE-----


Reply to: