Hi Brian
This is what I think we should do.
1) Send a new DLA telling that the fix is only partial and not complete and in addtion that elgamal encryption is not supported by the library and should not be used.
2) Mark the CVE as no-dsa/ignored in the security database.
Suggested DLA text. Any opinion about this text? I'm not a native English speaker so my language may not be the best.
Package : python-crypto
Version : 2.6-4+deb7u8
CVE ID : CVE-2018-6594
Debian Bug : 889999
This is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the issue
described in CVE-2018-6594 is fixed. It turns out that the fix is partial and
upstream has decided not to fix the issue as it would break compatibility and
that ElGamal encryption was not intended to work on its own.
The recommendation is still to upgrade python-crypto packages but in addition
to that consider that the fix is not complete. If you application using python-crypto
is implementing ElGamal encryption you should consider changing to some
other encryption method.
There will be no further update to python-crypto for this specific CVE. A fix would
break compatibility, the problem has been ignored by regular Debian Security team
due to its minor nature and in addition to that we are close to the end of life of the
Wheezy security support.
CVE-2018-6594:
python-crypto generated weak ElGamal key parameters, which allowed attackers toobtain sensitive information by reading ciphertext data (i.e., it did not havesemantic security in face of a ciphertext-only attack).For Debian 7 "Wheezy", the problem has been partially fixed in version2.6-4+deb7u8.We recommend that you upgrade your python-crypto packages.Further information about Debian LTS security advisories, how to applythese updates to your system and frequently asked questions can befound at: https://wiki.debian.org/LTS