Your message dated Sun, 15 Apr 2018 23:43:24 +0000
with message-id <e1f7riq-00009n...@fasolo.debian.org>
and subject line Bug#889999: fixed in python-crypto 2.6.1-9
has caused the Debian Bug report #889999,
regarding python-crypto: CVE-2018-6594
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
889999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889999
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-crypto
Version: 2.6.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/dlitz/pycrypto/issues/253

Hi,

the following vulnerability was published for python-crypto.

CVE-2018-6594[0]:
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates
| weak ElGamal key parameters, which allows attackers to obtain
| sensitive information by reading ciphertext data (i.e., it does not
| have semantic security in face of a ciphertext-only attack). The
| Decisional Diffie-Hellman (DDH) assumption does not hold for
| PyCrypto's ElGamal implementation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6594
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
[1] https://github.com/dlitz/pycrypto/issues/253

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
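The DDH failure named in the CVE text above, as an added example that is not part of the original report and is not PyCrypto or Debian code. It assumes the weakness is the textbook one: for a safe prime p = 2q + 1, the generator spans all of Z_p^* instead of the subgroup of order q, so Legendre symbols tell real Diffie-Hellman triples from random ones. The toy prime and all function names are constructed for illustration.

```python
import random

P = 2039  # constructed toy safe prime: P = 2*Q + 1 with Q = 1019 prime
Q = (P - 1) // 2

def legendre(a, p=P):
    """1 if a is a nonzero square mod p, else -1 (Euler's criterion)."""
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1

def generator_in_prime_order_subgroup(p, g):
    """Audit check for a safe prime p: g must be a square other than 1."""
    return g % p not in (0, 1) and legendre(g, p) == 1

def weak_generator(rng):
    """Generator of the whole group Z_p^*: any non-residue except p-1."""
    while True:
        g = rng.randrange(2, P - 1)
        if legendre(g) == -1:
            return g

def subgroup_generator(rng):
    """Squaring a random element lands in the subgroup of order Q."""
    return pow(rng.randrange(2, P - 1), 2, P)

def symbol_matches(ga, gb, z):
    """Does z have the Legendre symbol that g^(ab) must have?"""
    expected = -1 if legendre(ga) == -1 and legendre(gb) == -1 else 1
    return legendre(z) == expected

def match_rate(g, rng, real, trials=400):
    """Fraction of (g^a, g^b, Z) triples passing symbol_matches, where
    Z = g^(ab) if real, else g^c for an independent random c."""
    hits = 0
    for _ in range(trials):
        a, b, c = (rng.randrange(1, P - 1) for _ in range(3))
        z = pow(g, a * b if real else c, P)
        hits += symbol_matches(pow(g, a, P), pow(g, b, P), z)
    return hits / trials

if __name__ == "__main__":
    rng = random.Random(1)
    for name, g in (("weak", weak_generator(rng)), ("subgroup", subgroup_generator(rng))):
        print(name, generator_in_prime_order_subgroup(P, g),
              match_rate(g, rng, True), match_rate(g, rng, False))
```

With the whole-group generator, real triples always pass the symbol test and random ones pass about half the time, which is the distinguisher; in the order-q subgroup every element is a square, so the test passes for both and carries no information.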
--- Begin Message ---
Source: python-crypto
Source-Version: 2.6.1-9

We believe that the bug you reported is fixed in the latest version of
python-crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 889...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramac...@debian.org> (supplier of updated python-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Apr 2018 01:14:05 +0200
Source: python-crypto
Binary: python-crypto python-crypto-dbg python3-crypto python3-crypto-dbg python-crypto-doc
Architecture: source
Version: 2.6.1-9
Distribution: unstable
Urgency: medium
Maintainer: Sebastian Ramacher <sramac...@debian.org>
Changed-By: Sebastian Ramacher <sramac...@debian.org>
Description:
 python-crypto - cryptographic algorithms and protocols for Python
 python-crypto-dbg - cryptographic algorithms and protocols for Python (debug extensio
 python-crypto-doc - cryptographic algorithms and protocols for Python (documentation)
 python3-crypto - cryptographic algorithms and protocols for Python 3
 python3-crypto-dbg - cryptographic algorithms and protocols for Python 3 (debug extens
Closes: 889999
Changes:
 python-crypto (2.6.1-9) unstable; urgency=medium
 .
   * debian/control:
     - Move to salsa.d.o.
     - Bump Standards-Version.
   * debian/: Bump debhelper compat to 11.
   * debian/tests: Add allow-stderr restriction instead of fiddling with
     warnings.
   * debian/patches: Apply backported patch from pycryptodome to Fix ElGamal
     key generation (CVE-2018-6594). (Closes: #889999)
   * debian/copyright: Update copyright years.
Checksums-Sha1:
 0e0a1b6c669b7fdf049a869ec27206cc5656d34c 2397 python-crypto_2.6.1-9.dsc
 d043ad36f501ad20ea2050d423746dd2802dbcb8 23564 python-crypto_2.6.1-9.debian.tar.xz
Checksums-Sha256:
 657cc7de563aaf802b11c4d8206774fc8a6e7f62320df48b3ef7af831d4ff019 2397 python-crypto_2.6.1-9.dsc
 265d5b48268bb8ba213074dea8a1c49263a764f30378f82a815d2aa86ac35de6 23564 python-crypto_2.6.1-9.debian.tar.xz
Files:
 4d484df2db43ca8f0ade3743bc843edd 2397 python optional python-crypto_2.6.1-9.dsc
 02809a0f8c870710d8592afdc38c4dd8 23564 python optional python-crypto_2.6.1-9.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
