Tags: patch security upstream
the following vulnerability was published for pycryptodome.
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates
| weak ElGamal key parameters, which allows attackers to obtain
| sensitive information by reading ciphertext data (i.e., it does not
| have semantic security in face of a ciphertext-only attack). The
| Decisional Diffie-Hellman (DDH) assumption does not hold for
| PyCrypto's ElGamal implementation.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Secure-testing-team mailing list