Your message dated Sun, 26 Sep 2021 06:35:45 +0000
with message-id <[email protected]>
and subject line Bug#962142: fixed in python-rsa 4.7.2-1
has caused the Debian Bug report #962142,
regarding python-rsa: CVE-2020-13757
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962142
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-rsa
Version: 4.0-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/sybrenstuvel/python-rsa/issues/146
Control: found -1 4.0-2
Hi,

The following vulnerability was published for python-rsa.

CVE-2020-13757[0]:
| Python-RSA 4.0 ignores leading '\0' bytes during decryption of
| ciphertext. This could conceivably have a security-relevant impact,
| e.g., by helping an attacker to infer that an application uses Python-
| RSA, or if the length of accepted ciphertext affects application
| behavior (such as by causing excessive memory allocation).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13757
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13757
[1] https://github.com/sybrenstuvel/python-rsa/issues/146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
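
Added example, not part of the original report and not python-rsa's code: a textbook-RSA sketch of the behaviour the CVE text describes, next to a decrypt routine that accepts only ciphertexts of exactly the modulus length. The key values and all function names are constructed for illustration, and no padding scheme is implemented.

```python
# Added illustration (not python-rsa code): textbook RSA with a tiny constructed key.
# The only point shown is the ciphertext length check.

P, Q, E = 61, 53, 17             # constructed toy parameters, insecure by design
N = P * Q                        # modulus
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8    # modulus length in bytes


def encrypt(m: int) -> bytes:
    if not 0 <= m < N:
        raise ValueError("message out of range")
    return pow(m, E, N).to_bytes(K, "big")


def decrypt_lenient(ciphertext: bytes) -> int:
    # bytes -> int conversion silently drops leading zero bytes, so
    # b"\x00" * n + c decodes to the same integer as c for any n.
    return pow(int.from_bytes(ciphertext, "big"), D, N)


def decrypt_strict(ciphertext: bytes) -> int:
    # Accept exactly one encoding per ciphertext: K bytes, value below N.
    if len(ciphertext) != K:
        raise ValueError("ciphertext length does not match modulus length")
    c = int.from_bytes(ciphertext, "big")
    if c >= N:
        raise ValueError("ciphertext representative out of range")
    return pow(c, D, N)


def strict_rejects(ciphertext: bytes) -> bool:
    try:
        decrypt_strict(ciphertext)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    c = encrypt(65)
    padded = b"\x00" * 1024 + c          # same integer, much longer input
    print(decrypt_lenient(c), decrypt_lenient(padded))
    print(strict_rejects(padded), decrypt_strict(c))
```
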
--- Begin Message ---
Source: python-rsa
Source-Version: 4.7.2-1
Done: TANIGUCHI Takaki <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-rsa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
TANIGUCHI Takaki <[email protected]> (supplier of updated python-rsa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 26 Sep 2021 15:18:08 +0900
Source: python-rsa
Architecture: source
Version: 4.7.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: TANIGUCHI Takaki <[email protected]>
Closes: 962142 974685
Changes:
 python-rsa (4.7.2-1) unstable; urgency=medium
 .
   [ TANIGUCHI Takaki ]
   * New upstream version 4.6
     - Fix "CVE-2020-13757" (Closes: #962142)
     - Fix "CVE-2020-25658" (Closes: #974685)
 .
   [ Ondřej Nový ]
   * d/control: Update Maintainer field with new Debian Python Team
     contact address.
   * d/control: Update Vcs-* fields with new Debian Python Team Salsa
     layout.
 .
   [ TANIGUCHI Takaki ]
   * New upstream version 4.7.2
   * Bump debian-compat to 13
   * d/patches/0001-Fix-test-failure.patch: Fix test failure on build
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---