On 2017-01-01 20:55:40, Sebastian Ramacher wrote: > Control: tags -1 - moreinfo > > Hi > > On 2016-12-31 17:03:32, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Thu, 2016-12-29 at 23:15 +0100, Sebastian Ramacher wrote: > > > I'd like to fix CVE-2013-7459 (#849495) in jessie via the next point release. > > > The issue was marked as no-dsa. > > > > > > The proposed debdiff is attached. The same patch was applied to the package in > > > unstable. > > > > + * Throw exception when IV is used with ECB or CTR (CVE-2013-7459) > > > > Do we know if any packages currently in Debian misuse the functions in > > that way? (I realise that any that do are broken, but I'd prefer to find > > that out /before/ releasing an point release that makes them explode if > > possible.) Seems like python-paramiko broke in wheezy-lts (#850025). I will come back to you once I've checked if stable is affected as well. Cheers -- Sebastian Ramacher
Attachment:
signature.asc
Description: PGP signature