Moritz Muehlenhoff
2009-Feb-22 22:42 UTC
[Secure-testing-team] Bug#516660: Buffer overflow in the PyCrypto ARC2 modules
Package: python-crypto
Severity: grave
Tags: security
--
Name: CVE-2009-0544
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544
Reference: MLIST:[oss-security] 20090207 CVE Request: pycrypto
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/07/1
Reference:
CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Reference:
CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d
Reference: XF:pycrypto-arc2module-bo(48617)
Reference: URL:http://xforce.iss.net/xforce/xfdb/48617
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large ARC2 key length.
---
Can you prepare updated packages for oldstable-security and stable-security?
Cheers,
Moritz
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, ''unstable'')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-crypto depends on:
ii python 2.5.2-3 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
python-crypto recommends no packages.
Versions of packages python-crypto suggests:
pn python-crypto-dbg <none> (no description available)