Control: found -1 0.2-3
On 2012-05-31 20:01:10, Sebastian Ramacher wrote:
> Due to recent changes in python-crypto it has been discovered that
> python-keyring's CryptedFileKeyring uses AES/CFB in an insecure way. CFB
> requires an unpredictable IV, but CryptedFileKeyring doesn't even pass one.
>
On 2012-12-17 19:31:46, Jason Stephenson wrote:
> Consider this another request for having the fix backported to Wheezy.
I'll check if the fix is easily backportable.
Regards
--
Sebastian Ramacher
signature.asc
Description: Digital signature
Consider this another request for having the fix backported to Wheezy.
It's actually causing me issues with using python-aunchpadlib and other
packages in wheezy.
I wonder if this should be considered release-critical, since it leads
to other broken packages?
--
To UNSUBSCRIBE, email to de
tags 675379 + fixed-upstream
thanks
python-keyring 0.9.2 has been released which contains a fix for this issue.
Kind regards
--
Sebastian Ramacher
signature.asc
Description: OpenPGP digital signature
Package: python-keyring
Version: 0.7.1-1
Severity: important
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Due to recent changes in python-crypto it has been discovered that
python-keyring's CryptedFileKeyring uses AES/CFB in an insecure way. CFB
requires an unpredictable IV, but
5 matches
Mail list logo
