Your message dated Fri, 10 Feb 2017 09:49:19 +0000
with message-id <[email protected]>
and subject line Bug#854390: fixed in python-bottle-cork 0.12.0-2
has caused the Debian Bug report #854390,
regarding python-bottle-cork: insecure default hashing algorithm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
854390: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854390
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-bottle-cork
Severity: grave
Tags: upstream security
Justification: user security hole

As reported on https://github.com/FedericoCeratto/bottle-cork/issues/112, the
"bottle-cork" module uses a very insecure hashing algorithm (sha1 with 10
iterations) as default.

The defaults should be changed to use a secure hash (or even better: the user
should select the hashing algorithm, rather than Cork).

--- End Message ---
--- Begin Message ---
Source: python-bottle-cork
Source-Version: 0.12.0-2

We believe that the bug you reported is fixed in the latest version of
python-bottle-cork, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <[email protected]> (supplier of updated python-bottle-cork package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Fri, 10 Feb 2017 10:04:27 +0100
Source: python-bottle-cork
Binary: python-bottle-cork python3-bottle-cork
Architecture: source
Version: 0.12.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: IOhannes m zmölnig (Debian/GNU) <[email protected]>
Description:
 python-bottle-cork - Authentication/Authorization library for Bottle - Python 2
 python3-bottle-cork - Authentication/Authorization library for Bottle
Closes: 854390
Changes:
 python-bottle-cork (0.12.0-2) unstable; urgency=medium
 .
   * Backported fix for weak hashing defaults (Closes: #854390)
     * Thanks: Federico Ceratto


--- End Message ---