[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 773-1] python-crypto security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : python-crypto
Version        : 2.6-4+deb7u4
CVE ID         : CVE-2013-7459
Debian Bug     : 849495

It was discovered that there was a vulnerability in python-crypto, a library of
cryptographic algorithms and protocols for Python. Calling AES.new with an
invalid parameter could crash the Python interpreter:

  <https://github.com/dlitz/pycrypto/issues/176>


For Debian 7 "Wheezy", this issue has been fixed in python-crypto version
2.6-4+deb7u4.

We recommend that you upgrade your python-crypto packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlho5McACgkQHpU+J9Qx
HlguvBAAxvwxrC17S+UgmDkK51Ylm5i2W1suwwEvdl0uu7O+A09ok/WxPMuUWb4O
Er5y38Esl88udV9AX7rWWcNGJy83vW8rix/8vMmq0LHI6SNXZnarCp811IDAg8Iz
1JD8jr9D8siaBITH4wtY7B7fimVos5PG+vPa+IF+QP+JcvBZzMCZ2DxJiEJDM6BN
JSQlyIaKj86GY+oLn3JWNvwJFt77umgz+FcOfnk2K0eStPbs11JucZSPg+aqMDa0
udyZ3OsPJcfI4DRLy1rRLC+AnFbyhgdRwtajWtUt6KSE74veEkTccv4WdWMvRULe
kycEfcTpRkAIdYYMCQkzoVkT5+OkgHm6rar6yz1l2ap4HVx9sOhj05I9ml9RLnvN
Pz+qiEBWB2QWcXZqMkhQQXuetnlcPfefom3rxnN5F2LtE2RAF6GF9AF9jx1FGcg6
hkPpXC/gwKPEbjo/IAdk+KfY0n/fuzq+lH8cH5LN7Yo/RQj/4/kjFkIOKAdg+TFw
LerCHzIwYZ+zsYSKrV3/MmPU5gB/jAwii5p/Djk7PYpAZFGGN4dCKoWlsB9lc2ok
WJPCoTElmybgLH1dvU7ZNLsImFutD6ZZbb/9nZAANbZVM0XQTkV6FSStlS068aVq
/Bz39jbT3LgvGW3C7sRCMqRICKSjJyGHRyKVC1BbVshbLUYcBMY=
=N4zM
-----END PGP SIGNATURE-----
Reply to: