python-crypto / pycryptodome / CVE-2018-6594

To: debian-lts@lists.debian.org, security@debian.org
Subject: python-crypto / pycryptodome / CVE-2018-6594
From: Brian May <brian@linuxpenguins.xyz>
Date: Thu, 08 Feb 2018 08:20:22 +1100
Message-id: <[🔎] 87h8qsv6nd.fsf@prune.linuxpenguins.xyz>

Hello,

According to the upstream bug report:
https://github.com/dlitz/pycrypto/issues/253

"This bug is prevalent. It exists in PyCryptodome and libgcrypt (if used
directly to encrypt messages)."

Anyone know what the connection is between these python libraries and
libgcrypt? Should libgcrypt be marked as vulnerable too?

I believe python-crypto / pycryptodome are native Python implementations
that don't use gcrypt, while gcrypt is a native C library that doesn't
use python-crypto / pycryptodome.

Regards
-- 
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/

Reply to:

Follow-Ups:
- Re: python-crypto / pycryptodome / CVE-2018-6594
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: python-crypto / pycryptodome / CVE-2018-6594
  - From: Brian May <bam@debian.org>

Prev by Date: Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add python2.6, 2.7 and claim 2.7
Next by Date: krb5 security vulnerabilities
Previous by thread: [SECURITY] [DLA-1271-1] postgresql-9.1 security update
Next by thread: Re: python-crypto / pycryptodome / CVE-2018-6594
Index(es):
- Date
- Thread