Bug#922442: There is a security weakness in p7zip password encryption. IV for AES-CBC is generated from a very poor RNG (poorly seeded) and half of it is always zeroes.

2019-12-30 Thread Klint Yeastmood
Hi, has this bug been fixed? After browsing the source at https://salsa.debian.org/debian/p7zip it looks to me like it hasn't... The bug has been reported to Igor Pavlov (https://sourceforge.net/p/sevenzip/bugs/2176/) and there is a patch available for p7zip 16.02 backported from 7-Zip 19.00 -

Bug#922442: There is a security weakness in p7zip password encryption. IV for AES-CBC is generated from a very poor RNG (poorly seeded) and half of it is always zeroes.

2019-02-15 Thread 3lbios
Package: p7zip
Version: 9.20.1~dfsg.1-4.1+deb8u3
Severity: normal
Tags: security patch

-- System Information:
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie
Architecture: armv6l
Kernel: Linux 4.14.90+
Locale: