[Bug 248744] [NEW] paramiko random number regression: Stop using RandomPool
Launchpad Bug Tracker
248744 at bugs.launchpad.net
Fri Jul 18 15:13:49 BST 2008
*** This bug is a security vulnerability ***
You have been subscribed to a private security bug by Matthias Klose (doko):
See http://www.lag.net/pipermail/paramiko/2008-April/000678.html
"Revision #486 [1] (and therefore Paramiko 1.7.3) re-introduces the
problems associated with PyCrypto's RandomPool class that I described
in my post back in January. RandomPool is not a simple "get random
bits" primitive, but paramiko is again using it as one."
Patch at http://www.lag.net/pipermail/paramiko/2008-April/000679.html
This is fixed in the new upstream 1.7.4 as well.
** Affects: paramiko (Ubuntu)
Importance: Undecided
Status: New
--
paramiko random number regression: Stop using RandomPool
https://bugs.edge.launchpad.net/bugs/248744
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list