Source: python-bottle-cork Severity: grave Tags: upstream security Justification: user security hole
As reported on https://github.com/FedericoCeratto/bottle-cork/issues/112, the "bottle-cork" module uses a very unsecure hashing algorithm (sha1 with 10 iterations) as default. the defaults should be changed to use a secure hash (or even better: the user should select the hashing algorithm, rather than Cork) _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
