Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1

To: Sebastian Ramacher <sramacher@debian.org>, 849698@bugs.debian.org
Subject: Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 06 Jan 2017 23:24:36 +0000
Message-id: <[🔎] 1483745076.7032.69.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 849698@bugs.debian.org
In-reply-to: <[🔎] 20170106145850.idtaeylas4yx2z6q@ramacher.at>
References: <20161229221502.5nilte5ultyw2y57@ramacher.at> <1483203812.22890.45.camel@adam-barratt.org.uk> <[🔎] 20170101195540.v2qa3g7o2qnkfzit@ramacher.at> <[🔎] 20170103100540.u44vjzdwclkjwr64@ramacher.at> <[🔎] 20170103130559.jgkljmqpco2x3vj2@ramacher.at> <[🔎] 1483646333.7032.42.camel@adam-barratt.org.uk> <[🔎] 20170106145850.idtaeylas4yx2z6q@ramacher.at>

Control: tags -1 + pending

On Fri, 2017-01-06 at 15:58 +0100, Sebastian Ramacher wrote:
> Hi
> 
> On 2017-01-05 19:58:53, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Tue, 2017-01-03 at 14:05 +0100, Sebastian Ramacher wrote:
> > > Hi
> > > 
> > > On 2017-01-03 11:05:40, Sebastian Ramacher wrote:
> > > > On 2017-01-01 20:55:40, Sebastian Ramacher wrote:
> > [..]
> > > > > > 
> > > > > > On Thu, 2016-12-29 at 23:15 +0100, Sebastian Ramacher wrote:
> > > > > > > I'd like to fix CVE-2013-7459 (#849495) in jessie via the next point release.
> > > > > > > The issue was marked as no-dsa.
> > > > > > > 
> > > > > > > The proposed debdiff is attached. The same patch was applied to the package in
> > > > > > > unstable.
> > > > > > 
> > > > > > +  * Throw exception when IV is used with ECB or CTR (CVE-2013-7459)
> > [...]
> > > > Seems like python-paramiko broke in wheezy-lts (#850025). I will come back to
> > > > you once I've checked if stable is affected as well.
> > > 
> > > New debdiff is attached. Instead of throwing an exception the IV is simply
> > > ignored and a warning is displayed.
> > 
> > The patch itself still refers to exceptions in its metadata, fwiw.
> 
> Thanks, updated the metadata and explained the change compared to the original
> upstream patch.
> 
> > Please go ahead.
> 
> Uploaded with above change.

Flagged for acceptance in to p-u.

Regards,

Adam

Reply to:

References:
- Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
  - From: Sebastian Ramacher <sramacher@debian.org>
- Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
  - From: Sebastian Ramacher <sramacher@debian.org>
- Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
  - From: Sebastian Ramacher <sramacher@debian.org>
- Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
  - From: Sebastian Ramacher <sramacher@debian.org>

Prev by Date: Bug#849865: jessie-pu: package postgresql-common/165+deb8u2
Next by Date: Processed: Re: Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
Previous by thread: Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
Next by thread: Processed: Re: Bug#849698: jessie-pu: package python-crypto/2.6.1-5+deb8u1
Index(es):
- Date
- Thread