Tags: security upstream
the following vulnerability was published for python-crypto.
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates
| weak ElGamal key parameters, which allows attackers to obtain
| sensitive information by reading ciphertext data (i.e., it does not
| have semantic security in face of a ciphertext-only attack). The
| Decisional Diffie-Hellman (DDH) assumption does not hold for
| PyCrypto's ElGamal implementation.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
Secure-testing-team mailing list