Control: reassign -1 duplicity 0.6.24-1 Control: reassign 851474 duplicity 0.6.24-1
On 2017-01-16 17:39:41, Alexander Zangerl wrote: > reassign 851551 python-crypto > thanks No, this is a bug in duplicity. If you see this warning, duplicity (or whichever part of the its dependencies use python-crypto) uses AES in CTR mode incorrectly allowing a potential attacker to cause buffer overflows any maybe exploit them. Reassinging to duplicity. Please fix the use of AES-CTR. Cheers > > On Mon, 16 Jan 2017 09:05:15 +0200, Antonis Christofides writes: > >Content-Transfer-Encoding: 7bit > > > >Package: duplicity > >Version: 0.6.24-1 > >Severity: normal > > > >Hello, > > > >I'm not certain this problem is in duplicity or in python-crypto. Since > >yesterday's update to Debian 8.7, all my servers (including the one from > >which > >I'm reporting this) throw this message when running duplicity with -v2: > > > -- > Alexander Zangerl + GPG Key 2FCCF66BB963BD5F + http://snafu.priv.at/ > Es ist nichts so absurd, daß Gläubige es nicht glaubten. > Oder Beamte täten. -- Arno Schmidt -- Sebastian Ramacher
signature.asc
Description: PGP signature
