[SECURITY] [DLA 773-3] python-crypto regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : python-crypto
Version : 2.6-4+deb7u6
CVE ID : CVE-2013-7459
Debian Bug : #849495, #850025, #850077
It was discovered that the previous attempt to fix the regression in
python-crypto, a cryptographic algorithms and protocols for Python, was
incorrect.
This regression was initially introduced in 2.6-4+deb7u4 and not correctly
fixed in 2.6-4+deb7u5. We now really print a warning (not raise an exception)
on invalid input. Thanks to Salvatore Bonaccorso and Sebastian Ramacher.
For Debian 7 "Wheezy", this issue has been fixed in python-crypto version
2.6-4+deb7u6.
We recommend that you upgrade your python-crypto packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhuI8sACgkQHpU+J9Qx
Hli5aw//SAbN8S1d2kXh/LD/J9nrDKHpYL0gz+IPBMkxLKmqhl4mp4E8Pf8nHhJH
NFYAxfQGf4OQRAA06ehhjfTokAs8TkogaIA5P+2yJUBnF0RRCY3opcwsHXj9K1tl
scWJLnwTImludrcegDTS+/aWG37C3XozXqwdRJoQPjgVtZrDZdqlW9tvXtZhaStc
0I+n/AfXgPIgjI1gOkKklUg9lHrs1Iee4k1/hTw6ScXXeYNJX8hrWafHHJai7jKu
i4HS5RzgBHlsGzj5tdKNObdAhg24iEUopbdTs0Ff/fcZuSSOe3S0MHeu5RZAqeRA
CqqQRFVW3Sk+gAQVws7PeQ3ndVH+vywNf6EK/YU62TbOxWm803MSBAgJ0hlOJsQf
bmLNmriMaqUlWmYHtrqdqHOZSkHKbh5k6WviO29o6Qu3naPsUZmSfKtG/2LxuOEp
fHaZdczWwJlxaNg1PCuVb2C2Esatfqg+KHNG1r0ehW+9psCDi1wDIAFEMsRiA4RK
u/KX8q42il+Og6ae0A5MdBsmFKHqq2uPDVrvWmriUehGpCQDNlW9nHRNF0iiYuqD
yFYZqRbCin/+O1T5rDRzuJFZEN8U8yE1trh4/tLHCCDUh5T9jk3/Lle8RP+QubgZ
ufrmow6YybFxhE6qWFJuDvWte7wYvS8JiWGVIn/4W9dbx4tdG1A=
=NMPc
-----END PGP SIGNATURE-----
Reply to: