Created attachment 464472 [details, diff] CVE-2013-7459 regression Debian/Ubuntu has update their pycrypto patch for CVE-2013-7459, from $URL: A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-3199-1 introduced a regression in the Python Cryptography Toolkit which caused programs which relied on the original behavior to fail. Software Description: - python-crypto: cryptographic algorithms and protocols for Python Details: USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. We apologize for the inconvenience. We should probably do the same. I am attaching Debian/Ubuntu's patch.
It looks like this may still be worth applying?
It's been removed.
The patch already existed in the stable version that was removed from the tree. This bug was opened, FWICS, to address throwing an error vice an exception. As such, closing because there is no requirement for a security notice.
