17.04 and 17.10 are not affected since they publish the fixed version
0.3.2. 16.04 appears to be affected, but the code is significantly
different. I've requested info from the source project owner to test my
proposed patch for 16.04.


Status in python-jwcrypto package in Ubuntu:
  In Progress

Bug description:
  The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
  jwcrypto before 0.3.2 lacks the Random Filling protection mechanism,
  which makes it easier for remote attackers to obtain cleartext data
  via a Million Message Attack (MMA).


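The Random Filling protection named in the bug description, shown beside the unprotected unwrap. This is an added example, not jwcrypto's code or the proposed Ubuntu patch; the toy key built from Mersenne primes, the function names and the 16-byte CEK length are assumptions made for illustration.

```python
import secrets

# Constructed toy key from two Mersenne primes; far too weak for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


class PaddingError(Exception):
    """Raised when the decrypted block is not valid PKCS#1 v1.5."""


def wrap(cek: bytes) -> bytes:
    """RSAES-PKCS1-v1_5 encrypt: EM = 00 02 || nonzero PS || 00 || cek."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(cek)))
    em = b"\x00\x02" + ps + b"\x00" + cek
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def unwrap_vulnerable(ek: bytes) -> bytes:
    """Unprotected form: a padding failure is reported to the caller."""
    em = pow(int.from_bytes(ek, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)  # end of PS; PS must be at least 8 bytes
    if em[:2] != b"\x00\x02" or sep < 10:
        raise PaddingError("bad PKCS#1 v1.5 padding")  # distinguishable error
    return em[sep + 1:]


def unwrap_random_filling(ek: bytes, cek_len: int = 16) -> bytes:
    """Random Filling: any failure yields a fresh random CEK instead."""
    filler = secrets.token_bytes(cek_len)  # generated on every call
    try:
        cek = unwrap_vulnerable(ek)
    except PaddingError:
        return filler
    # A wrong-length key is treated like a padding failure.
    return cek if len(cek) == cek_len else filler
```

With the filler key the caller proceeds to content decryption, where a malformed message fails the same way as any other tampered ciphertext. A production implementation also has to keep the padding check itself constant-time, which this example does not attempt.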