Summary: | dev-python/paramiko < 1.7.2 insecure use of RandomPool (CVE-2008-0299) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | David Guerizec <david+gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | python |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | http://www.lag.net/pipermail/paramiko/2008-January/000599.html | | |
Whiteboard: | B3? [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
David Guerizec
2008-01-14 11:09:12 UTC
Seems like lag.net is currently down.

As long as the site is down, the patch can also be found here: http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

A CVE seems to have been created: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0299

(In reply to comment #2)
> As long as the site is down, the patch can also be found here:
> http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch
> python herd, please provide an updated ebuild.

Please note that a new paramiko release is available, fixing this issue. See http://www.lag.net/pipermail/paramiko/2008-January/000604.html

*** Bug 207312 has been marked as a duplicate of this bug. ***

paramiko-1.7.2 is in CVS.

> paramiko-1.7.2 is in CVS.

Arches, please test and mark stable. Target "amd64 ~hppa ia64 ~ppc sparc x86 ~x86-fbsd"

x86 stable

ia64/sparc stable

amd64 stable, closing.

Please don't close security bugs... time for GLSA decision. I vote YES.

Voting YES and filing.

Fixed in release snapshot.

GLSA 200803-07