[X2Go-Dev] Bug#646: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445
Michael DePaulo
mikedep333 at gmail.com
Mon Oct 20 15:18:09 CEST 2014
package: pyhoca-gui
version: 0.5.0.0-pre02
NOTE: This bug is specifically about the Windows builds of PyHoca-GUI.
When I built PyHoca-GUI 0.5.0.0-pre02 for for Windows, I used the
latest Windows build of PyCrypto, 2.6, available here (and linked to
from the wiki):
http://www.voidspace.org.uk/python/modules.shtml#pycrypto
Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1
was released to fix it:
https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog
I am attempting to find a Windows build of PyCrypto 2.6.1 for Python
2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for
Windows. if I cannot find one, I will try to build PyCrypto 2.6.1
myself. I welcome any help.
-Mike#2
More information about the x2go-dev
mailing list