CTR mode needs counter parameter, not IV

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CTR mode needs counter parameter, not IV

duplicity-talk mailing list
I've tracked the problem down to (unpublished) CVE-2013-7459 dealing with a bug in pycrypto:

Heap-buffer overflow in ALGobject structure
https://access.redhat.com/security/cve/cve-2013-7459

It has already been fixed on Gentoo (and other distros) by the following patch:

https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-python/pycrypto/files/pycrypto-2.6.1-CVE-2013-7459.patch

Apparently, duplicity needs some modifications as well since pycrypto will most likely apply this patch in the near future.

For now, the workaround on Gentoo is a simple rollback to pycrypto-2.6.1-r1 which does not yet contain the patch.
_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk