guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pycrypto buffer overflow (potentially affects onionshare and other p


From: Leo Famulari
Subject: Re: pycrypto buffer overflow (potentially affects onionshare and other packages)
Date: Mon, 2 Jan 2017 23:59:47 -0500
User-agent: Mutt/1.7.2 (2016-11-26)

On Mon, Jan 02, 2017 at 09:41:26PM +0100, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> > Based on my discussion with the Stem maintainer, I removed pycrypto from
> > the dependency graph of OnionShare and added a comment about removing
> > the pycrypto package in 4de2a710a6a309a1601f1cf6fc15b9b638d3a3cb and
> > 1194575b3c44969e4f68cd10a62e6ed8603e39b4, respectively.
> 
> Thanks.  Looks like another case of an important piece of software
> lacking a maintainer…

At this point, I think it's recommended to use the 'cryptography'
module, which we have as python-cryptography. This seems to be where all
the development energy is being spent.

Debian adapted the upstream patch:

https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/commit/?id=0de2243837ed369a086f15c50cca2be85bdfab9d

What do people think?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]