From unknown Thu Mar 28 15:28:11 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#646: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445 Reply-To: Michael DePaulo , 646@bugs.x2go.org Resent-From: Michael DePaulo Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Mon, 20 Oct 2014 13:20:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 646 X-X2Go-PR-Package: pyhoca-gui X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.141381109129895 (code B); Mon, 20 Oct 2014 13:20:01 +0000 Received: (at submit) by bugs.x2go.org; 20 Oct 2014 13:18:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F37865DB47 for ; Mon, 20 Oct 2014 15:18:09 +0200 (CEST) Received: by mail-wg0-f51.google.com with SMTP id b13so5421506wgh.22 for ; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=yf0UXX2gwuwqXuI4vXxXcEJCoGWV2OMPd0OclqWX26Y=; b=Cv+FBkY1RS0Ym5RXxEV/TyfwlnS+0AFvkdqg0fgVk8TDiWkLH1m1S/2a5MUpAcLG5c baBgfuMU/BjHvbZtKvIK60mpeNr5zNCyh3234SB59xG5hvt3FTTeQNfsKUiXVM0MFO3V wAWMNhuZ6Mxp7+TsD63tSAUvF7ZeMXTxjBkm3oLPT8CNegOMvRUvXadFrV933wF9viph pHbKbyM6TU93xP3Jasy3t/0oU4JvM0Do7JUOVAtU0J7XZJOMGE9FPnit2jPe+yBVPhfK jX4dvli2s8OjenOsA1PLcrHuNpXoaHAFBUPpm0Su81iv9OMM6/eQ7KSRQPsrREyev+KN FOwg== MIME-Version: 1.0 X-Received: by 10.194.239.10 with SMTP id vo10mr33450327wjc.29.1413811089600; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Date: Mon, 20 Oct 2014 09:18:09 -0400 Message-ID: From: Michael DePaulo To: submit@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 package: pyhoca-gui version: 0.5.0.0-pre02 NOTE: This bug is specifically about the Windows builds of PyHoca-GUI. When I built PyHoca-GUI 0.5.0.0-pre02 for for Windows, I used the latest Windows build of PyCrypto, 2.6, available here (and linked to from the wiki): http://www.voidspace.org.uk/python/modules.shtml#pycrypto Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1 was released to fix it: https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog I am attempting to find a Windows build of PyCrypto 2.6.1 for Python 2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for Windows. if I cannot find one, I will try to build PyCrypto 2.6.1 myself. I welcome any help. -Mike#2