Your message dated Wed, 28 Dec 2016 11:03:34 +0000 with message-id <e1cmc18-0000ln...@fasolo.debian.org> and subject line Bug#849495: fixed in python-crypto 2.6.1-7 has caused the Debian Bug report #849495, regarding python-crypto: CVE-2013-7459 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-crypto Version: 2.6.1-5 Severity: grave Tags: patch upstream security Justification: user security hole Forwarded: https://github.com/dlitz/pycrypto/issues/176 Hi, the following vulnerability was published for python-crypto. CVE-2013-7459[0]: Buffer overflow A reporducer can be found on upstream issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2013-7459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 [1] https://github.com/dlitz/pycrypto/issues/176 [2] https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 [3] https://marc.info/?l=oss-security&m=148280482630855&w=2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-crypto Source-Version: 2.6.1-7 We believe that the bug you reported is fixed in the latest version of python-crypto, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramac...@debian.org> (supplier of updated python-crypto package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Dec 2016 11:45:21 +0100 Source: python-crypto Binary: python-crypto python-crypto-dbg python3-crypto python3-crypto-dbg python-crypto-doc Architecture: source Version: 2.6.1-7 Distribution: unstable Urgency: high Maintainer: Sebastian Ramacher <sramac...@debian.org> Changed-By: Sebastian Ramacher <sramac...@debian.org> Description: python-crypto - cryptographic algorithms and protocols for Python python-crypto-dbg - cryptographic algorithms and protocols for Python (debug extensio python-crypto-doc - cryptographic algorithms and protocols for Python (documentation) python3-crypto - cryptographic algorithms and protocols for Python 3 python3-crypto-dbg - cryptographic algorithms and protocols for Python 3 (debug extens Closes: 849495 Changes: python-crypto (2.6.1-7) unstable; urgency=high . [ Salvatore Bonaccorso ] * Throw exception when IV is used with ECB or CTR (CVE-2013-7459) (Closes: #849495) . [ Sebastian Ramacher ] * debian/control: - Bump Standards-Version. - Update Vcs-Git * debian/rules: Remove dh_strip override for automatic dbgsym packages. * debian/{control,compat}: Bump debhelper compat to 10. Checksums-Sha1: 4e1c25a5d4933c3e1f69feee8e1cc56054480778 2461 python-crypto_2.6.1-7.dsc 2af7a014704f89e415bb57dc81b20a1e4f0d751d 22340 python-crypto_2.6.1-7.debian.tar.xz Checksums-Sha256: 736942f9c924d2e40b21cbe2f50ee3ceaa2e44f4cbde8571fe26fc0c2e01bb2f 2461 python-crypto_2.6.1-7.dsc 0305c7219c56b6d72a13678580e0dbf7aeec76fbd8f7ec4ad1e00c3137a9156b 22340 python-crypto_2.6.1-7.debian.tar.xz Files: dd3c07e0430ffb2b232738586cb7eb52 2461 python optional python-crypto_2.6.1-7.dsc 976dd98027aa23e259d993240c5e3e80 22340 python optional python-crypto_2.6.1-7.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAcBQJYY5hzFRxzcmFtYWNoZXJAZGViaWFuLm9yZwAKCRBp8vxRbqcZ kwdUD/wPdZAXDArfs3ZRBNxf4r4cxjoBRTbh9ADCr431U6lZQkUHjfNexnrHMIHz bXFAUBift6t8GZO3N8/7w0tJAhniMFEwpRIbRzF4zRbaw1yGFoMY8CEvZelfTEfp +BjA5xjo2siGMvMQW5cWU3PUETW7gr8gIerUX6FtO/9CkJoyIzhVwVSRKuhg9aUj ELKypcX38m8+2WOvD9oWCLpe0NZiARMfQ3PcTnc9v8R4HytN6aqAxuXGIKmhuSiu 0MDq049L4xLI7XuHNl0kQ8lWZR5nPisNrln1u2J1V6/r7DRGsHXs+Efgk7UpbCpc kKRtQ3yJTkPHqIbuJafLtIApvlZTC8GvOPs2/Chc1TGDn2hd7Aq8NuhRjl5XGL/l NoiADDYDloEBZvNFgAp+IfoADNZShmYyQg4byNUNhaEQwnjEOoAllwx3lsZ053Rb H0Ob51KsHuCGXzM8WQbjvE9NM72aG6XMgc+P40tL9KrxlB9Td6aLI3FuxK+Utud4 ivpB8S2Ff0b3We/zaJN0RJEtdOdewk1YAWYbH5QYSxJWZuPy+lzONiRRyX7WbOzA 6mPckqEDn6wKBjW73UFR+Zj13ac+SadWy0Od/06aX1j0uKmCWxZMAwZIjJ7q3YY7 cogsql66ck2OQKZMLfI519VBYUV3wMvnkghbws966l2Tm++rXQ== =0yM1 -----END PGP SIGNATURE-----
--- End Message ---
