Control: found -1 0.2-3 On 2012-05-31 20:01:10, Sebastian Ramacher wrote: > Due to recent changes in python-crypto it has been discovered that > python-keyring's CryptedFileKeyring uses AES/CFB in an insecure way. CFB > requires an unpredictable IV, but CryptedFileKeyring doesn't even pass one. > In previous versions of python-crypto it was possible to omit the IV and it > was set to '\0' * 16 in that case. Starting with 2.6 it is mandatory to > specify an IV.
stable is also affected. Kind regards -- Sebastian Ramacher
signature.asc
Description: Digital signature
