
[Duplicity-talk] CTR mode needs counter parameter, not IV


From: zeug
Subject: [Duplicity-talk] CTR mode needs counter parameter, not IV
Date: Tue, 24 Jan 2017 19:25:12 +0100

I've tracked the problem down to (unpublished) CVE-2013-7459 dealing with a bug 
in pycrypto:

Heap-buffer overflow in ALGobject structure
https://access.redhat.com/security/cve/cve-2013-7459

It has already been fixed on Gentoo (and other distros) by the following patch:

https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-python/pycrypto/files/pycrypto-2.6.1-CVE-2013-7459.patch

Apparently, duplicity needs some modifications as well since pycrypto will most 
likely apply this patch in the near future.

For now, the workaround on Gentoo is a simple rollback to pycrypto-2.6.1-r1 
which does not yet contain the patch. 

