Your message dated Fri, 06 Jan 2017 23:32:13 +0000 with message-id <e1cpdzz-00024r...@fasolo.debian.org> and subject line Bug#849495: fixed in python-crypto 2.6.1-5+deb8u1 has caused the Debian Bug report #849495, regarding python-crypto: CVE-2013-7459 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-crypto Version: 2.6.1-5 Severity: grave Tags: patch upstream security Justification: user security hole Forwarded: https://github.com/dlitz/pycrypto/issues/176 Hi, the following vulnerability was published for python-crypto. CVE-2013-7459[0]: Buffer overflow A reporducer can be found on upstream issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2013-7459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 [1] https://github.com/dlitz/pycrypto/issues/176 [2] https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 [3] https://marc.info/?l=oss-security&m=148280482630855&w=2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-crypto Source-Version: 2.6.1-5+deb8u1 We believe that the bug you reported is fixed in the latest version of python-crypto, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramac...@debian.org> (supplier of updated python-crypto package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 03 Jan 2017 13:56:09 +0100 Source: python-crypto Binary: python-crypto python-crypto-dbg python3-crypto python3-crypto-dbg python-crypto-doc Architecture: source amd64 all Version: 2.6.1-5+deb8u1 Distribution: jessie Urgency: high Maintainer: Sebastian Ramacher <sramac...@debian.org> Changed-By: Sebastian Ramacher <sramac...@debian.org> Description: python-crypto - cryptographic algorithms and protocols for Python python-crypto-dbg - cryptographic algorithms and protocols for Python (debug extensio python-crypto-doc - cryptographic algorithms and protocols for Python (documentation) python3-crypto - cryptographic algorithms and protocols for Python 3 python3-crypto-dbg - cryptographic algorithms and protocols for Python 3 (debug extens Closes: 849495 Changes: python-crypto (2.6.1-5+deb8u1) jessie; urgency=high . * debian/patches/CVE-2013-7459.patch: Raise a warning when IV is used with ECB or CTR and ignored the IV in that case. Thanks to Salvatore Bonaccorso for the initial patch. (CVE-2013-7459) (Closes: #849495) Checksums-Sha1: 4ebaf75d5abec48de2e18ce62b9a7786628e8012 2508 python-crypto_2.6.1-5+deb8u1.dsc 71b085826a1e529431fa17055c4fc210a0ec9de4 22344 python-crypto_2.6.1-5+deb8u1.debian.tar.xz 922831c94ed94c979c359b24a6796a90bba680d4 255796 python-crypto_2.6.1-5+deb8u1_amd64.deb 6dc1711b0233fa4958017de8741b9910f98d16df 585914 python-crypto-dbg_2.6.1-5+deb8u1_amd64.deb 19274a6f4eb67f0a0cc13087fbcc3d7b9bec0dd4 257098 python3-crypto_2.6.1-5+deb8u1_amd64.deb cdb09b85866d0ba27a74ffa1b87479ec46082c5b 591022 python3-crypto-dbg_2.6.1-5+deb8u1_amd64.deb b728494126ee105b987883ea993a89f5059ac711 88118 python-crypto-doc_2.6.1-5+deb8u1_all.deb Checksums-Sha256: 5a031aacee73beb9bca4958aef6a9fd2effde581602834bb41be35a97f2f5932 2508 python-crypto_2.6.1-5+deb8u1.dsc 8ca7d124ad0209366238c014eaa28882d332d32ec02b87b6b0d0c9821a8c23b8 22344 python-crypto_2.6.1-5+deb8u1.debian.tar.xz 54f0d0330b60f2079ff973721580cc2ec15fb6166866dcaa962a1d9f7a358e3a 255796 python-crypto_2.6.1-5+deb8u1_amd64.deb 2c6bc90ad179ee5987a42b56dae39b954a9633e6bd83cace14e640efa235f5b4 585914 python-crypto-dbg_2.6.1-5+deb8u1_amd64.deb 410a7a4eef08a6f35983f0300de1a6b069c1638492c8192a36e5c798aea5ac5a 257098 python3-crypto_2.6.1-5+deb8u1_amd64.deb b5f6ade5e5017d656fa0de886c2ac1530b5217ac1e3b7f0ab367ffbc44666d05 591022 python3-crypto-dbg_2.6.1-5+deb8u1_amd64.deb 3a6e2e3108554b513e1c7fa4eb6e3c975b2664454b54785ba43a87129dcb9d41 88118 python-crypto-doc_2.6.1-5+deb8u1_all.deb Files: fa79c736fc7888701256b69438186042 2508 python optional python-crypto_2.6.1-5+deb8u1.dsc b561e9cc00a054d03fb1495c9dd828e3 22344 python optional python-crypto_2.6.1-5+deb8u1.debian.tar.xz 129fdfa67b4316106d864de5839c78e5 255796 python optional python-crypto_2.6.1-5+deb8u1_amd64.deb ac237bf0a0010fd686d6d56bc8cead94 585914 debug extra python-crypto-dbg_2.6.1-5+deb8u1_amd64.deb 80aacceacda99d82fd8bd323b22de93a 257098 python optional python3-crypto_2.6.1-5+deb8u1_amd64.deb 8358d0d6e9a7f8a541eef66c93e99ab3 591022 debug extra python3-crypto-dbg_2.6.1-5+deb8u1_amd64.deb f66b2bfcf557c3c6cef3c061053a989d 88118 doc optional python-crypto-doc_2.6.1-5+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlhvrpQACgkQafL8UW6n GZPbuRAAx6LjBcZAqlCD7kqeW1w4i9sp4vt8KXGgMjjBUNZbeqK1c2zYXU6P2LtO OsNss401qOOv00wlaHJdjOcACyDmN7tow3kFTNZBhb+hihJ154AM2WAgbUGz2fYe p9paM9EsPT2YLicELxOpO/4uJyvaWXGfwszrEamEpIRqogjG/W/mn3bU7syl01yK cAJxjY6BckuZPtCwPYkG76BZ6HsIpHcxVMsxP2zM7LTApSG1Lrf4gFGslUTudj6s M+Y3YZSt6qH/XrGbFwDY/9HEndFujQQJWseeasOSDD+U45OzpY/HW6SCdLGIJKgs NqQwMU6p5gnttxzIz/p7fErxxMqhvaj6wXhZ2ztB5OcrBuXeqXqpCFOivXu5tkyJ ZlzAqsi0L4yX9PRFc4J5E72/7GbpzL8wE3TPJmvcfoZcvYAjDBuXUKD/dJji1XYw sZCzuIH4PpJWSjnE/WxecSKmbMMWSIP0ALFqS36nWUaaFpHr0TEpipYGXfeLUQOO eL9ZTX4yb41f+8kZStSzeJhl4oxL8w7zBXOljhGjFXes5uKf8A9OvgpWn3tONPGw Sn9CSUewH+dGwWBZiltlEKnI3Dkj+pWPrADzWe/gtOOaRdgDtBZvu1gMRMH1FgRi ynrDN/LidH0sZjLxKdc0kkYHa0cnRM/3zcaHQ9vAuZDWRtkfWsg= =lZ9u -----END PGP SIGNATURE-----
--- End Message ---
