X2Go Bug report logs - #646
PyHoca-GUI for Windows has PyCrypto 2.6.0 with CVE-2013-1445

version graph

Package: pyhoca-gui; Maintainer for pyhoca-gui is X2Go Developers <x2go-dev@lists.x2go.org>; Source for pyhoca-gui is src:pyhoca-gui.

Reported by: Michael DePaulo <mikedep333@gmail.com>

Date: Mon, 20 Oct 2014 13:20:01 UTC

Severity: normal

Tags: pending

Found in version

Fixed in version

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 20 Oct 2014 13:18:11 +0000
From mikedep333@gmail.com  Mon Oct 20 15:18:10 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
	T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F37865DB47
	for <submit@bugs.x2go.org>; Mon, 20 Oct 2014 15:18:09 +0200 (CEST)
Received: by mail-wg0-f51.google.com with SMTP id b13so5421506wgh.22
        for <submit@bugs.x2go.org>; Mon, 20 Oct 2014 06:18:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
MIME-Version: 1.0
X-Received: by with SMTP id vo10mr33450327wjc.29.1413811089600;
 Mon, 20 Oct 2014 06:18:09 -0700 (PDT)
Received: by with HTTP; Mon, 20 Oct 2014 06:18:09 -0700 (PDT)
Date: Mon, 20 Oct 2014 09:18:09 -0400
Message-ID: <CAMKht8hFPP1zsnaz1Amv46oC8BJzVxy_827pz4tGsrwcuv8yYw@mail.gmail.com>
Subject: PyHoca-GUI for Windows has PyCrypto 2.6.0 with CVE-2013-1445
From: Michael DePaulo <mikedep333@gmail.com>
To: submit@bugs.x2go.org
Content-Type: text/plain; charset=UTF-8
package: pyhoca-gui

NOTE: This bug is specifically about the Windows builds of PyHoca-GUI.

When I built PyHoca-GUI for for Windows, I used the
latest Windows build of PyCrypto, 2.6, available here (and linked to
from the wiki):

Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1
was released to fix it:

I am attempting to find a Windows build of PyCrypto 2.6.1 for Python
2.7 32-bit. This is blocking my release of PyHoca-GUI for
Windows. if I cannot find one, I will try to build PyCrypto 2.6.1
myself. I welcome any help.


Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Aug 18 07:27:27 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.