Your message dated Wed, 23 Jan 2008 00:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#460706: fixed in paramiko 1.6.4-1.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: python-paramiko
Version: 1.7.1-1
Severity: grave
Tags: security
Justification: user security hole
Hi !
Using paramiko with threads or multiple forking processes may lead to
data leak. You can find the explanation and a patch here:
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
(look at the followup to fix an error in the patch proposed).
Thanks.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686-bigmem (SMP w/2 CPU cores)
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-paramiko depends on:
ii python-crypto 2.0.1+dfsg1-2.1 cryptographic algorithms and proto
ii python-support 0.7.6 automated rebuilding support for p
python-paramiko recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: paramiko
Source-Version: 1.6.4-1.1
We believe that the bug you reported is fixed in the latest version of
paramiko, which is due to be installed in the Debian FTP archive:
paramiko_1.6.4-1.1.diff.gz
to pool/main/p/paramiko/paramiko_1.6.4-1.1.diff.gz
paramiko_1.6.4-1.1.dsc
to pool/main/p/paramiko/paramiko_1.6.4-1.1.dsc
python-paramiko_1.6.4-1.1_all.deb
to pool/main/p/paramiko/python-paramiko_1.6.4-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated paramiko package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 14 Jan 2008 19:36:40 +0100
Source: paramiko
Binary: python-paramiko
Architecture: source all
Version: 1.6.4-1.1
Distribution: unstable
Urgency: high
Maintainer: Jeremy T. Bouse <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
python-paramiko - make SSH2 connections with python
Closes: 460706
Changes:
paramiko (1.6.4-1.1) unstable; urgency=high
.
* Non-maintainer upload by security team.
* Fix insecure use of RandomPool if paramiko is used for threads or multiple
forked processes. This enables one session to predict random data of
another session using its own random data.
(CVE id pending; Closes: #460706).
Files:
6910ac18ef65835a3ede7bfad1a2a31a 697 python optional paramiko_1.6.4-1.1.dsc
09b6492c9bbdfd840353519b91fa8f7f 3210 python optional
paramiko_1.6.4-1.1.diff.gz
acb2ea8576c1d9f78fb7f57ed565164f 117088 python optional
python-paramiko_1.6.4-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHlox9HYflSXNkfP8RAjlRAJwOeaNoE/9IBAegmMiiMZ3e1ymz4ACgrip7
sehUiMfvpWQHpJO8zlOJbLg=
=FkGS
-----END PGP SIGNATURE-----
--- End Message ---
