{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -1, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.\n\nThis is CVE-2013-7459.\n", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-01-18 18:29:42", "date_modified": null, "date_approved": null, "date_testing": "2017-01-19 06:22:26", "date_stable": "2017-01-30 21:12:12", "alias": "FEDORA-2017-08207fe48b", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-01-30 21:12:12", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2017-08207fe48b", "title": "python-crypto-2.6.1-13.fc24", "version_hash": "4e14ffbe0371602d4f988b50b2be9b862e58d434", "release": {"name": "F24", "long_name": "Fedora 24", "version": "24", "id_prefix": "FEDORA", "branch": "f24", "dist_tag": "f24", "stable_tag": "f24-updates", "testing_tag": "f24-updates-testing", "candidate_tag": "f24-updates-candidate", "pending_signing_tag": "f24-signing-pending", "pending_testing_tag": "f24-updates-testing-pending", "pending_stable_tag": "f24-updates-pending", "override_tag": "f24-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pghmcfc", "email": "paul@city-fan.org", "id": 165, "avatar": "https://seccdn.libravatar.org/avatar/e6d92d9d894db58d2c7e8c1a627b669f062f35ef31fdaa8d8c7b57068b2416e1?s=24&d=retro", "openid": "pghmcfc.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "perl-maint-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pghmcfc. ", "timestamp": "2017-01-18 18:29:42", "update_id": 77981, "user_id": 91, "id": 550664, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-01-19 07:24:34", "update_id": 77981, "user_id": 91, "id": 550881, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2017-01-19 22:08:52", "update_id": 77981, "user_id": 124, "id": 551425, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "trust admins"}, {"name": "signed_fpca"}, {"name": "fedora-contributor"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "ipausers"}, {"name": "fedora-br"}, {"name": "fedorabugs"}, {"name": "ambassadors"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Works for me", "timestamp": "2017-01-20 15:14:08", "update_id": 77981, "user_id": 308, "id": 551742, "bug_feedback": [{"karma": 0, "comment_id": 551742, "bug_id": 1409754, "bug": {"bug_id": 1409754, "title": "CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "chr77", "email": "chr77@protonmail.com", "id": 308, "avatar": "https://seccdn.libravatar.org/avatar/c9ddae9d692ab2ea6cecd787db18332407bb29982c8a1eae39771bfb270b71fd?s=24&d=retro", "openid": "chr77.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-01-20 15:20:44", "update_id": 77981, "user_id": 2998, "id": 551760, "bug_feedback": [{"karma": 0, "comment_id": 551760, "bug_id": 1409754, "bug": {"bug_id": 1409754, "title": "CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.", "timestamp": "2017-01-20 18:00:21", "update_id": 77981, "user_id": 91, "id": 551813, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by pghmcfc. ", "timestamp": "2017-01-30 14:42:39", "update_id": 77981, "user_id": 91, "id": 555838, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-01-30 22:18:07", "update_id": 77981, "user_id": 91, "id": 555928, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "python-crypto-2.6.1-13.fc24", "signed": true, "release_id": 14, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1409754, "title": "CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 551742, "bug_id": 1409754, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me", "timestamp": "2017-01-20 15:14:08", "update_id": 77981, "user_id": 308, "id": 551742, "testcase_feedback": [], "user": {"name": "chr77", "email": "chr77@protonmail.com", "id": 308, "avatar": "https://seccdn.libravatar.org/avatar/c9ddae9d692ab2ea6cecd787db18332407bb29982c8a1eae39771bfb270b71fd?s=24&d=retro", "openid": "chr77.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 551760, "bug_id": 1409754, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-01-20 15:20:44", "update_id": 77981, "user_id": 2998, "id": 551760, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 558235, "bug_id": 1409754, "comment": {"karma": -1, "karma_critpath": 0, "text": "Hi,\nthis breaks package python-paramiko on EPEL, see:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1419312\n\nA possible (nice) solution - as was done in fc24, is to build and provide python-paramiko2.x in EPEL, which does not depend on python2-crypto(instead it depends on python2-cryptography, which is supposed to be more secure and maintained).\n\n", "timestamp": "2017-02-05 12:19:35", "update_id": 77970, "user_id": 3449, "id": 558235, "testcase_feedback": [], "user": {"name": "ngoldin", "email": "ngoldin@redhat.com", "id": 3449, "avatar": "https://seccdn.libravatar.org/avatar/c1a23a9dd11c7db98bb935c2b3a1f1da1aee66f768b2ff5509326f1196328785?s=24&d=retro", "openid": "ngoldin.id.stg.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 559036, "bug_id": 1409754, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is fixed in python-paramiko-1.16.1-2.el7, which is currently in updates-testing.", "timestamp": "2017-02-07 09:51:18", "update_id": 77970, "user_id": 165, "id": 559036, "testcase_feedback": [], "user": {"name": "pghmcfc", "email": "paul@city-fan.org", "id": 165, "avatar": "https://seccdn.libravatar.org/avatar/e6d92d9d894db58d2c7e8c1a627b669f062f35ef31fdaa8d8c7b57068b2416e1?s=24&d=retro", "openid": "pghmcfc.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "perl-maint-sig"}]}}}]}], "updateid": "FEDORA-2017-08207fe48b", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}