Hi On 2017-01-05 19:58:53, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2017-01-03 at 14:05 +0100, Sebastian Ramacher wrote: > > Hi > > > > On 2017-01-03 11:05:40, Sebastian Ramacher wrote: > > > On 2017-01-01 20:55:40, Sebastian Ramacher wrote: > [..] > > > > > > > > > > On Thu, 2016-12-29 at 23:15 +0100, Sebastian Ramacher wrote: > > > > > > I'd like to fix CVE-2013-7459 (#849495) in jessie via the next > > > > > > point release. > > > > > > The issue was marked as no-dsa. > > > > > > > > > > > > The proposed debdiff is attached. The same patch was applied to the > > > > > > package in > > > > > > unstable. > > > > > > > > > > + * Throw exception when IV is used with ECB or CTR (CVE-2013-7459) > [...] > > > Seems like python-paramiko broke in wheezy-lts (#850025). I will come > > > back to > > > you once I've checked if stable is affected as well. > > > > New debdiff is attached. Instead of throwing an exception the IV is simply > > ignored and a warning is displayed. > > The patch itself still refers to exceptions in its metadata, fwiw.
Thanks, updated the metadata and explained the change compared to the original upstream patch. > Please go ahead. Uploaded with above change. Cheers -- Sebastian Ramacher
signature.asc
Description: PGP signature
