X2Go Bug report logs - #646
PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445


Package: pyhoca-gui; Maintainer for pyhoca-gui is X2Go Developers <x2go-dev@lists.x2go.org>; Source for pyhoca-gui is src:pyhoca-gui.

Reported by: Michael DePaulo <mikedep333@gmail.com>

Date: Mon, 20 Oct 2014 13:20:01 UTC

Severity: normal

Tags: pending

Found in version 0.5.0.0-pre02

Fixed in version 0.5.0.4

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Subject: Bug#646: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445
Date: Mon, 20 Oct 2014 09:18:09 -0400
Message-ID: <CAMKht8hFPP1zsnaz1Amv46oC8BJzVxy_827pz4tGsrwcuv8yYw@mail.gmail.com>
From: Michael DePaulo <mikedep333@gmail.com>
To: submit@bugs.x2go.org
Content-Type: text/plain; charset=UTF-8
package: pyhoca-gui
version: 0.5.0.0-pre02

NOTE: This bug is specifically about the Windows builds of PyHoca-GUI.

When I built PyHoca-GUI 0.5.0.0-pre02 for Windows, I used the
latest Windows build of PyCrypto, 2.6, available here (and linked to
from the wiki):
http://www.voidspace.org.uk/python/modules.shtml#pycrypto

Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1
was released to fix it:
https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog

I am attempting to find a Windows build of PyCrypto 2.6.1 for Python
2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for
Windows. If I cannot find one, I will try to build PyCrypto 2.6.1
myself. I welcome any help.

-Mike



X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Aug 25 11:16:17 2019; Machine Name: ymir.das-netzwerkteam.de
