[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pycrypto buffer overflow (potentially affects onionshare and other p

From: Ludovic Courtès
Subject: Re: pycrypto buffer overflow (potentially affects onionshare and other packages)
Date: Thu, 05 Jan 2017 11:39:58 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> On Mon, Jan 02, 2017 at 09:41:26PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <address@hidden> skribis:
>> > Based on my discussion with the Stem maintainer, I removed pycrypto from
>> > the dependency graph of OnionShare and added a comment about removing
>> > the pycrypto package in 4de2a710a6a309a1601f1cf6fc15b9b638d3a3cb and
>> > 1194575b3c44969e4f68cd10a62e6ed8603e39b4, respectively.
>> Thanks.  Looks like another case of an important piece of software
>> lacking a maintainer…
> At this point, I think it's recommended to use the 'cryptography'
> module, which we have as python-cryptography. This seems to be where all
> the development energy is being spent.
> Debian adapted the upstream patch:
> What do people think?

Maybe we should apply this patch as well as progressively migrate to
python-cryptography whenever possible?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]