From unknown Mon Apr 27 23:15:29 2026 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#646 closed by Mike Gabriel (X2Go issue (in src:pyhoca-gui) has been marked as closed) Message-ID: References: <20150125121037.EFB1E5DB35@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 646 X-X2go-PR-Package: pyhoca-gui X-X2go-PR-Source: pyhoca-gui Date: Sun, 25 Jan 2015 12:15:07 +0000 Content-Type: multipart/mixed; boundary="----------=_1422188108-24196-0" This is a multi-part message in MIME format... ------------=_1422188108-24196-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the pyhoca-gui package: #646: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013= -1445 It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1422188108-24196-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 25 Jan 2015 12:11:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id EFB1E5DB35; Sun, 25 Jan 2015 13:10:37 +0100 (CET) From: Mike Gabriel To: 646-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 646@bugs.x2go.org Subject: X2Go issue (in src:pyhoca-gui) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150125121037.EFB1E5DB35@ymir.das-netzwerkteam.de> Date: Sun, 25 Jan 2015 13:10:37 +0100 (CET) close #646 thanks Hello, we are very hopeful that X2Go issue #646 reported by you has been resolved in the new release (0.5.0.4) of the X2Go source project »src:pyhoca-gui«. You can view the complete changelog entry of src:pyhoca-gui (0.5.0.4) below, and you can use the following link to view all the code changes between this and the last release of src:pyhoca-gui. http://code.x2go.org/gitweb?p=pyhoca-gui.git;a=commitdiff;h=513509dcb4ef0552feb1ddaa33f2a86834606499;hp=7a414287b6ead1e4c40d6678d7d82541d267b1a9 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:pyhoca-gui. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:pyhoca-gui Version: 0.5.0.4-0x2go1 Status: RELEASE Date: Sun, 25 Jan 2015 13:08:20 +0100 Fixes: 108 646 649 Changes: pyhoca-gui (0.5.0.4-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (0.5.0.4): - Provide empty Turkish translation file. . [ Mark Pedersen-Cook ] * New upstream version (0.5.0.4): - Update Danish translation file. Thanks to Niels Thykier for feedback. . [ Kaan Ozdincer ] * New upstream version (0.5.0.4): - Add Turkish translation to PyHoca-GUI. . [ Mike DePaulo ] * New upstream version (0.5.0.4): - Fix win32 build (missing win32gui.pyd) (Fixes: #649) - Windows: Install VcXsrv "misc" fonts by default, and make all 4 font groups optional: misc, 75dpi, 100dpi and others (Fixes: #108) Note: The fact that all the fonts are included makes the installer about 30MB larger. - Windows: Upgrade from VcXsrv-xp 1.14.3.2 to VcXsrv 1.15.2.2-xp+vc2013+x2go1 This new major version includes security fixes such as: OpenSSL update to 1.0.1k xorg-server CVE-2014-8091..8103 fixes - Windows: Update nxproxy's Cygwin libraries from the latest versions as of 2014-06-09 to the latest versions as of 2014-10-18. - Windows: Update bundled Python to 2.7.9 - Windows: Update bundled Python libraries to latest versions as of 2015-01-24 (Fixes: #646) ------------=_1422188108-24196-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 20 Oct 2014 13:18:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F37865DB47 for ; Mon, 20 Oct 2014 15:18:09 +0200 (CEST) Received: by mail-wg0-f51.google.com with SMTP id b13so5421506wgh.22 for ; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=yf0UXX2gwuwqXuI4vXxXcEJCoGWV2OMPd0OclqWX26Y=; b=Cv+FBkY1RS0Ym5RXxEV/TyfwlnS+0AFvkdqg0fgVk8TDiWkLH1m1S/2a5MUpAcLG5c baBgfuMU/BjHvbZtKvIK60mpeNr5zNCyh3234SB59xG5hvt3FTTeQNfsKUiXVM0MFO3V wAWMNhuZ6Mxp7+TsD63tSAUvF7ZeMXTxjBkm3oLPT8CNegOMvRUvXadFrV933wF9viph pHbKbyM6TU93xP3Jasy3t/0oU4JvM0Do7JUOVAtU0J7XZJOMGE9FPnit2jPe+yBVPhfK jX4dvli2s8OjenOsA1PLcrHuNpXoaHAFBUPpm0Su81iv9OMM6/eQ7KSRQPsrREyev+KN FOwg== MIME-Version: 1.0 X-Received: by 10.194.239.10 with SMTP id vo10mr33450327wjc.29.1413811089600; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Date: Mon, 20 Oct 2014 09:18:09 -0400 Message-ID: Subject: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445 From: Michael DePaulo To: submit@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 package: pyhoca-gui version: 0.5.0.0-pre02 NOTE: This bug is specifically about the Windows builds of PyHoca-GUI. When I built PyHoca-GUI 0.5.0.0-pre02 for for Windows, I used the latest Windows build of PyCrypto, 2.6, available here (and linked to from the wiki): http://www.voidspace.org.uk/python/modules.shtml#pycrypto Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1 was released to fix it: https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog I am attempting to find a Windows build of PyCrypto 2.6.1 for Python 2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for Windows. if I cannot find one, I will try to build PyCrypto 2.6.1 myself. I welcome any help. -Mike#2 ------------=_1422188108-24196-0--