[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-04-06 Thread Matthias Klose
Override component to main pysmi 0.2.2-1 in bionic: universe/misc -> main python-pysmi 0.2.2-1 in bionic amd64: universe/python/optional/100% -> main python-pysmi 0.2.2-1 in bionic arm64: universe/python/optional/100% -> main python-pysmi 0.2.2-1 in bionic armhf: universe/python/optional/100% ->

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-04-05 Thread Seth Arnold
I reviewed pysmi version 0.2.2-1 as checked into bionic. This should not be considered a full security audit but rather a quick gauge of maintainability. - No CVEs in our database - pysmi can parse ASN1 mib files and emit json or python code to work with data in the described format; there's

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-29 Thread Steve Langasek
Override component to main pycryptodome 3.4.7-1 in bionic: universe/misc -> main 1 publication overridden. Override component to main python-pycryptodome 3.4.7-1 in bionic amd64: universe/python/optional/100% -> main python-pycryptodome 3.4.7-1 in bionic arm64: universe/python/optional/100% ->

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-29 Thread Seth Arnold
I reviewed pycryptodome version 3.4.7-1 as checked into bionic. This is not a full security audit, but rather a quick gauge of maintainability. I especially did not investigate if the implementations are properly constant-timed, free from leaks, implemented correctly, or suitable for purpose.

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-29 Thread Seth Arnold
Thanks Steve, I've filed: https://bugs.launchpad.net/ubuntu/+source/python-crypto/+bug/1759985 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748572 Title: [MIR] pysmi, pycryptodome To manage

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-29 Thread Steve Langasek
Seth, it's a concern if the packages don't declare a Breaks or Conflicts with one another. If they don't (I'm not currently in a position to check), could you file a bug on them for this? If the incompatibility is declared, and proposed-migration says no packages are uninstallable as a result,

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-29 Thread Seth Arnold
Hello, One must avoid having both PyCrypto and PyCryptodome installed at the same time, as they will interfere with each other. Is this a concern for us? Thanks

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-03-01 Thread Timo Aaltonen
Any progress on this review? This is blocking pyasn1*/python-ldap/389-ds-base from migrating.

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-20 Thread Mathieu Trudel-Lapierre
Seems to me like pysmi would potentially go parse and generate code from MIBs retrieved from the web (those are not necessarily known to be safe). I think this warrants some further code review. ** Changed in: pysmi (Ubuntu) Assignee: Ubuntu OpenStack (ubuntu-openstack) => Ubuntu Security

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-13 Thread Matthias Klose
Please could you track the conversion of packages in main in a separate bug report using different tasks? ** Changed in: pycryptodome (Ubuntu) Assignee: Ubuntu OpenStack (ubuntu-openstack) => Ubuntu Security Team (ubuntu-security)

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
https://github.com/openstack/requirements/blob/master/global-requirements.txt#L224 Some further context - this feels like a general ecosystem move to the fork: # NOTE(dims): pysaml 4.0.3 uses pycryptodome instead of pycrypto, for mitaka # we cannot switch to pycryptodome as many projects are

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
Subscribing ubuntu-security team due to pycryptodome and fork/nasty-ness

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
Having pycrypto and pycryptodome both in main seems less than ideal but would like to get a steer from the security team on preference - the rationale for pycryptodome is that pycrypto is unmaintained.

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
** Changed in: pycryptodome (Ubuntu) Importance: Undecided => High ** Changed in: pysmi (Ubuntu) Importance: Undecided => High ** Changed in: pycryptodome (Ubuntu) Milestone: None => ubuntu-18.02 ** Changed in: pysmi (Ubuntu) Milestone: None => ubuntu-18.02

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
** Changed in: pysmi (Ubuntu) Status: Incomplete => New ** Description changed: [Rationale] The new version of python-pysnmp4 adds dependencies on python-pycryptodome and python-pysmi, so these need to be MIRed. >> pysmi << [Availability] In universe [Security]

[Bug 1748572] Re: [MIR] pysmi, pycryptodome

2018-02-12 Thread James Page
bug subscriptions added for ubuntu-openstack team. ** Description changed: + [Rationale] + The new version of python-pysnmp4 adds dependencies on python- pycryptodome and python-pysmi, so these need to be MIRed. + + >> pysmi << + + [Availability] + In universe + + [Security] + +