Package: python-m2crypto Version: 0.20.1-1+b1 Severity: important
The main bug effects Debian stable only. Debian Unstable is not effected, and neither is Scientific Linux 5 and 6. The below code will succeed with some X509 certs, and signed SMIME messages. Its success depends upon the certificate attributes. If no attributes are present the code will succeed. If the attributes allow signing email the code will succeed, unfortunately if it contains attributes and the attributes do not contain email the code will Segmentation fault. from M2Crypto import SMIME, X509 s = SMIME.SMIME() x509c = X509.load_cert('/tmp/hepix-ca/0829706c.0') sk = X509.X509_Stack() sk.push(x509c) s.set_x509_stack(sk) st = X509.X509_Store() st.load_info('/tmp/hepix-ca/0829706c.0') s.set_x509_store(st) p7, data = SMIME.smime_load_pkcs7('bill') v = s.verify(p7,data,1023) print v Since the following code does not know if the message was sent over SMTP the attributes should not effect behaviour, as SMIME and SMTP are independent according to specification. This second issue effects all versions of Debian. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages python-m2crypto depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libssl0.9.8 0.9.8o-4squeeze2 SSL shared libraries ii python 2.6.6-3+squeeze6 interactive high-level object-orie ii python-support 1.0.10 automated rebuilding support for P python-m2crypto recommends no packages. python-m2crypto suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org