Your message dated Fri, 20 Mar 2009 16:47:03 +0000
with message-id <e1lkhs7-0008qc...@ries.debian.org>
and subject line Bug#516660: fixed in python-crypto 2.0.1+dfsg1-3
has caused the Debian Bug report #516660,
regarding Buffer overflow in the PyCrypto ARC2 modules
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
516660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516660
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-crypto
Severity: grave
Tags: security
--
Name: CVE-2009-0544
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544
Reference: MLIST:[oss-security] 20090207 CVE Request: pycrypto
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/07/1
Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d
Reference: XF:pycrypto-arc2module-bo(48617)
Reference: URL:http://xforce.iss.net/xforce/xfdb/48617
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large ARC2 key length.
---
Can you prepare updated packages for oldstable-security and stable-security?
Cheers,
Moritz
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-crypto depends on:
ii python 2.5.2-3 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
python-crypto recommends no packages.
Versions of packages python-crypto suggests:
pn python-crypto-dbg <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: python-crypto
Source-Version: 2.0.1+dfsg1-3
We believe that the bug you reported is fixed in the latest version of
python-crypto, which is due to be installed in the Debian FTP archive:
python-crypto-dbg_2.0.1+dfsg1-3_amd64.deb
to pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-3_amd64.deb
python-crypto_2.0.1+dfsg1-3.diff.gz
to pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-3.diff.gz
python-crypto_2.0.1+dfsg1-3.dsc
to pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-3.dsc
python-crypto_2.0.1+dfsg1-3_amd64.deb
to pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 516...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Rottmann <ro...@debian.org> (supplier of updated python-crypto package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 20 Mar 2009 17:10:55 +0100
Source: python-crypto
Binary: python-crypto python-crypto-dbg
Architecture: source amd64
Version: 2.0.1+dfsg1-3
Distribution: unstable
Urgency: low
Maintainer: Andreas Rottmann <ro...@debian.org>
Changed-By: Andreas Rottmann <ro...@debian.org>
Description:
python-crypto - cryptographic algorithms and protocols for Python
python-crypto-dbg - cryptographic algorithms and protocols for Python (debug
extensio
Closes: 516660
Changes:
python-crypto (2.0.1+dfsg1-3) unstable; urgency=low
.
* Acknowledge NMUs.
* Apply fix for CVE-2009-0544 (Buffer overflow in the ARC2 module), and
a stand-alone version of the associated testcase (see
http://www.openwall.com/lists/oss-security/2009/02/07/1).
Closes: #516660.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknDxI8ACgkQIsgn9zWpkufR5QCgnyRH8p5N7rO+E3Cl3i/wYwUv
SsQAn3tlPk+GQyKMMr79gO8XwqJOrZRE
=3k6F
-----END PGP SIGNATURE-----
--- End Message ---