Your message dated Sat, 05 Nov 2022 15:32:59 +0000
with message-id <e1orlaj-00c7gi...@fasolo.debian.org>
and subject line Bug#1023030: fixed in pysha3 1.0.2-4.1+deb11u1
has caused the Debian Bug report #1023030,
regarding pysha3: Affected by CVE-2022-37454, unmaintained, remove from Debian?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1023030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pysha3
Version: 1.0.2-4.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Forwarded: https://github.com/tiran/pysha3/issues/29

pysha3 is affected by CVE-2022-37454, a security issue in Keccak.
See: https://github.com/python/cpython/issues/98517
https://mouha.be/sha-3-buffer-overflow/

This is a backport module to bring a feature from Python 3.6 back to
older versions.

It seems very dead upstream, should we just remove it from the archive?

There is currently one reverse-dependency, python-opentimestamps, and I
think we can trivially migrate that to use hashlib.

SR

--- End Message ---
--- Begin Message ---
Source: pysha3
Source-Version: 1.0.2-4.1+deb11u1
Done: Stefano Rivera <stefa...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pysha3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <stefa...@debian.org> (supplier of updated pysha3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Oct 2022 15:13:09 +0200
Source: pysha3
Architecture: source
Version: 1.0.2-4.1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Ben Finney <bign...@debian.org>
Changed-By: Stefano Rivera <stefa...@debian.org>
Closes: 1023030
Changes:
 pysha3 (1.0.2-4.1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix a buffer overflow issue in SHA-3 CVE-2022-37454 (Closes: #1023030).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
