Hi
Yes I forgot to push my changes. Thanks for handling it for me.
// Ola
On 12 April 2018 at 14:14, Ola Lundqvist wrote:
> Hi
>
> I thought I did. Maybe I forgot to push my changes.
>
> Thanks for resolving it.
>
> // Ola
>
> On 11 April 2018 at 22:18, Antoine Beaupré
Hi
I thought I did. Maybe I forgot to push my changes.
Thanks for resolving it.
// Ola
On 11 April 2018 at 22:18, Antoine Beaupré wrote:
> On 2018-04-10 14:33:28, Ola Lundqvist wrote:
> > Hi Salvatore
> >
> > Great. Thanks. Then we do not need to do anything more to
On 2018-04-10 14:33:28, Ola Lundqvist wrote:
> Hi Salvatore
>
> Great. Thanks. Then we do not need to do anything more to libgcrypt. I'll
> remove it from dla-needed.txt.
Assuming you forgot to do so, I went ahead and removed it from
dla-needed.txt and marked it as no-dsa in wheezy.
A.
--
Hi Salvatore
Great. Thanks. Then we do not need to do anything more to libgcrypt. I'll
remove it from dla-needed.txt.
// Ola
On 9 April 2018 at 21:06, Salvatore Bonaccorso wrote:
> Hi Ola,
>
> On Mon, Apr 09, 2018 at 08:59:32PM +0200, Ola Lundqvist wrote:
> > Hi all
> >
> >
Hi Ola,
On Mon, Apr 09, 2018 at 08:59:32PM +0200, Ola Lundqvist wrote:
> Hi all
>
> I found another issue that looks very similar. It is
> https://security-tracker.debian.org/tracker/CVE-2018-6594
>
> Should we treat it the same way, marking it as ignored?
I guess you mean CVE-2018-6829?
If
Hi all
I found another issue that looks very similar. It is
https://security-tracker.debian.org/tracker/CVE-2018-6594
Should we treat it the same way, marking it as ignored?
Best regards
// Ola
On 9 April 2018 at 07:26, Salvatore Bonaccorso wrote:
> Hi Brian,
>
> On Fri,
Hi Brian,
On Fri, Apr 06, 2018 at 07:06:30PM +1000, Brian May wrote:
> Ola Lundqvist writes:
>
> > This is what I think we should do.
> >
> > 1) Send a new DLA telling that the fix is only partial and not complete and
> > in addtion that elgamal encryption is not supported by
I think this sounds like a good plan.
Sent from a phone
Den fre 6 apr 2018 11:06Brian May skrev:
> Ola Lundqvist writes:
>
> > This is what I think we should do.
> >
> > 1) Send a new DLA telling that the fix is only partial and not complete
> and
> > in
Ola Lundqvist writes:
> This is what I think we should do.
>
> 1) Send a new DLA telling that the fix is only partial and not complete and
> in addtion that elgamal encryption is not supported by the library and
> should not be used.
>
> 2) Mark the CVE as no-dsa/ignored in the
Hi Brian
This is what I think we should do.
1) Send a new DLA telling that the fix is only partial and not complete and
in addtion that elgamal encryption is not supported by the library and
should not be used.
2) Mark the CVE as no-dsa/ignored in the security database.
Suggested DLA text. Any
Ola Lundqvist writes:
> Do we have a fix that solve the problem? If we do we can simply upload a
> new version with the fix and describe it accordingly.
> If it is fixed in some cases it may be considered fixed.
>
> I have not checked the details about this specific problem.
Hi
Do we have a fix that solve the problem? If we do we can simply upload a
new version with the fix and describe it accordingly.
If it is fixed in some cases it may be considered fixed.
I have not checked the details about this specific problem.
// Ola
On 2 April 2018 at 10:22, Brian May
Ola Lundqvist writes:
> We can simply send a DLA-1283-2 telling that it was not fixed.
Do we all agree that this is not fixed? It really depends on the user's
of this library and how they use it.
Lets assume we agree it isn't fixed.
I cannot think how to word this advisory. I
Hi
We can simply send a DLA-1283-2 telling that it was not fixed.
// Ola
On 29 March 2018 at 21:34, Antoine Beaupré wrote:
> On 2018-03-27 07:38:43, Brian May wrote:
> > Antoine Beaupré writes:
> >
> >> I'm not sure. The security team marked
On 2018-03-27 07:38:43, Brian May wrote:
> Antoine Beaupré writes:
>
>> I'm not sure. The security team marked that as "no-dsa (minor issue)"
>> for jessie and stretch, and fixed in pycryptodome 3.4.11-1... Couldn't
>> we reuse the fixes from cryptodome to get this
Antoine Beaupré writes:
> I'm not sure. The security team marked that as "no-dsa (minor issue)"
> for jessie and stretch, and fixed in pycryptodome 3.4.11-1... Couldn't
> we reuse the fixes from cryptodome to get this working properly? Or is
> this what you say breaks
On 2018-02-20 07:33:27, Brian May wrote:
> Any comments? Where should we go from here?
I'm not sure. The security team marked that as "no-dsa (minor issue)"
for jessie and stretch, and fixed in pycryptodome 3.4.11-1... Couldn't
we reuse the fixes from cryptodome to get this working properly? Or
My information, as communicated by Erik-Oliver Blass via private email
is that this issue was not fixed upstream.
I had assumed when upstream said "I will close this issue, since this
fix is in v3.4.10." in
https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362907413
it was meant
18 matches
Mail list logo