m2crypto - Debian Package Tracker

general

source: m2crypto (main)
version: 0.38.0-2
maintainer: Sandro Tosi (DMD)
uploaders: Debian Python Team [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.24.0-1.1
oldstable: 0.31.0-4+deb10u2
old-bpo: 0.31.0-6~bpo10+1
stable: 0.37.1-2
testing: 0.38.0-2
unstable: 0.38.0-2

versioned links

0.24.0-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.31.0-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.31.0-6~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.37.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.38.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-m2crypto-doc
python3-m2crypto

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:01:01
Last run: 2022-05-22T22:31:01.000Z
Previous status: fail

testing: pass (log)
The tests ran in 0:03:35
Last run: 2022-05-28T10:19:00.000Z
Previous status: tmpfail

stable: pass (log)
The tests ran in 0:01:56
Last run: 2022-05-05T07:21:10.000Z
Previous status: pass

Created: 2022-05-17 Last update: 2022-05-28 13:37

lintian reports 10 errors and 3 warnings high

Lintian reports 10 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-04-11 Last update: 2022-01-01 04:33

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Created: 2021-02-19 Last update: 2021-12-05 06:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Created: 2021-08-15 Last update: 2021-12-05 06:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.38.0-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 82c2d28d5d605d6c46a8f7221046ba2d3af64690
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 10:27:32 2022 -0400

    Skip TLSv1.0 test, no longer possible to run it.

commit 626249735869cda5e1becb5c23c5d5b52f691605
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 10:05:17 2022 -0400

    fixup! Load legacy provider of openssl v3, to avoid segfault in tests when m2crypto tests legacy things. Thanks Dimitri John Ledkov for the patch. Closes: #1006508

commit b2083e8fcd6b7a2d8106f03fb9d14cd84188f253
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 08:59:49 2022 -0400

    Apply 4 patches to get the tests passing on OpenSSL 3.

commit 6c4ac9d168022e8da1c01a4ea848892fae425e75
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 08:43:36 2022 -0400

    Load legacy provider of openssl v3, to avoid segfault in tests when m2crypto tests legacy things. Thanks Dimitri John Ledkov for the patch. Closes: #1006508

Created: 2022-05-18 Last update: 2022-05-27 05:35

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

python-m2crypto-doc could be marked Multi-Arch: foreign

Created: 2018-05-07 Last update: 2022-05-28 09:05

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2020-25657: (needs triaging) A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2020-25657: (needs triaging) A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-05-11 23:24

testing migrations

This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-12-05] m2crypto 0.38.0-2 MIGRATED to testing (Debian testing watch)
[2021-12-03] Accepted m2crypto 0.38.0-2 (source) into unstable (Sandro Tosi)
[2021-10-15] Accepted m2crypto 0.38.0-1 (source) into unstable (Sandro Tosi)
[2021-03-19] Accepted m2crypto 0.31.0-4+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-03-04] m2crypto 0.37.1-2 MIGRATED to testing (Debian testing watch)
[2021-02-22] Accepted m2crypto 0.37.1-2 (source) into unstable (Sandro Tosi)
[2021-01-30] m2crypto 0.37.1-1 MIGRATED to testing (Debian testing watch)
[2021-01-30] m2crypto 0.37.1-1 MIGRATED to testing (Debian testing watch)
[2021-01-27] Accepted m2crypto 0.31.0-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2021-01-12] Accepted m2crypto 0.37.1-1 (source) into unstable (Sandro Tosi)
[2020-07-18] m2crypto 0.36.0-1 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted m2crypto 0.36.0-1 (source) into unstable (Sandro Tosi)
[2020-05-06] Accepted m2crypto 0.35.2-2 (source all amd64) into unstable, unstable (Debian FTP Masters) (signed by: Sandro Tosi)
[2020-04-24] Accepted m2crypto 0.35.2-1 (source) into unstable (Sandro Tosi)
[2020-02-02] m2crypto 0.31.0-9 MIGRATED to testing (Debian testing watch)
[2020-01-31] Accepted m2crypto 0.31.0-9 (source) into unstable (Sandro Tosi)
[2019-11-24] m2crypto 0.31.0-8 MIGRATED to testing (Debian testing watch)
[2019-11-22] Accepted m2crypto 0.31.0-8 (source) into unstable (Sandro Tosi)
[2019-11-20] Accepted m2crypto 0.31.0-7 (source all amd64) into unstable (Daniel Stender)
[2019-10-01] Accepted m2crypto 0.31.0-6~bpo10+1 (source all amd64) into buster-backports, buster-backports (Daniel Stender)
[2019-08-21] m2crypto 0.31.0-6 MIGRATED to testing (Debian testing watch)
[2019-08-19] Accepted m2crypto 0.31.0-6 (source) into unstable (Daniel Stender)
[2019-08-12] Accepted m2crypto 0.31.0-5 (all source) into unstable, unstable (Daniel Stender)
[2019-06-16] m2crypto 0.31.0-4 MIGRATED to testing (Debian testing watch)
[2019-06-09] Accepted m2crypto 0.31.0-4 (all source) into unstable (Daniel Stender)
[2019-03-18] m2crypto 0.31.0-3 MIGRATED to testing (Debian testing watch)
[2019-03-11] Accepted m2crypto 0.31.0-3 (source all amd64) into unstable (Daniel Stender)
[2018-12-21] m2crypto 0.31.0-2 MIGRATED to testing (Debian testing watch)
[2018-12-19] Accepted m2crypto 0.31.0-2 (all source) into unstable (Daniel Stender)
[2018-11-13] m2crypto 0.31.0-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 3
RC: 0
I&N: 2
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian (10, 3)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.38.0-1ubuntu5
5 bugs
patches for 0.38.0-1ubuntu5