Debian Package Tracker
Register | Log in
Subscribe

m2crypto

Choose email to subscribe with

general
  • source: m2crypto (main)
  • version: 0.38.0-2
  • maintainer: Sandro Tosi (DMD)
  • uploaders: Debian Python Team [DMD]
  • arch: all any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.24.0-1.1
  • oldstable: 0.31.0-4+deb10u2
  • old-bpo: 0.31.0-6~bpo10+1
  • stable: 0.37.1-2
  • testing: 0.38.0-2
  • unstable: 0.38.0-2
versioned links
  • 0.24.0-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.31.0-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.31.0-6~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.37.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.38.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-m2crypto-doc
  • python3-m2crypto
action needed
Debci reports failed tests high
  • unstable: fail (log)
    The tests ran in 0:01:01
    Last run: 2022-05-22T22:31:01.000Z
    Previous status: fail

  • testing: pass (log)
    The tests ran in 0:03:35
    Last run: 2022-05-28T10:19:00.000Z
    Previous status: tmpfail

  • stable: pass (log)
    The tests ran in 0:01:56
    Last run: 2022-05-05T07:21:10.000Z
    Previous status: pass

Created: 2022-05-17 Last update: 2022-05-28 13:37
lintian reports 10 errors and 3 warnings high
Lintian reports 10 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-04-11 Last update: 2022-01-01 04:33
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Created: 2021-02-19 Last update: 2021-12-05 06:30
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Created: 2021-08-15 Last update: 2021-12-05 06:30
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 0.38.0-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 82c2d28d5d605d6c46a8f7221046ba2d3af64690
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 10:27:32 2022 -0400

    Skip TLSv1.0 test, no longer possible to run it.

commit 626249735869cda5e1becb5c23c5d5b52f691605
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 10:05:17 2022 -0400

    fixup! Load legacy provider of openssl v3, to avoid segfault in tests when m2crypto tests legacy things. Thanks Dimitri John Ledkov for the patch. Closes: #1006508

commit b2083e8fcd6b7a2d8106f03fb9d14cd84188f253
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 08:59:49 2022 -0400

    Apply 4 patches to get the tests passing on OpenSSL 3.

commit 6c4ac9d168022e8da1c01a4ea848892fae425e75
Author: Stefano Rivera <stefanor@debian.org>
Date:   Wed May 18 08:43:36 2022 -0400

    Load legacy provider of openssl v3, to avoid segfault in tests when m2crypto tests legacy things. Thanks Dimitri John Ledkov for the patch. Closes: #1006508
Created: 2022-05-18 Last update: 2022-05-27 05:35
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • python-m2crypto-doc could be marked Multi-Arch: foreign
Created: 2018-05-07 Last update: 2022-05-28 09:05
1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:
  • CVE-2020-25657: (needs triaging) A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2020-25657: (needs triaging) A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).
Created: 2021-08-18 Last update: 2022-05-11 23:24
testing migrations
  • This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2021-12-05] m2crypto 0.38.0-2 MIGRATED to testing (Debian testing watch)
  • [2021-12-03] Accepted m2crypto 0.38.0-2 (source) into unstable (Sandro Tosi)
  • [2021-10-15] Accepted m2crypto 0.38.0-1 (source) into unstable (Sandro Tosi)
  • [2021-03-19] Accepted m2crypto 0.31.0-4+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
  • [2021-03-04] m2crypto 0.37.1-2 MIGRATED to testing (Debian testing watch)
  • [2021-02-22] Accepted m2crypto 0.37.1-2 (source) into unstable (Sandro Tosi)
  • [2021-01-30] m2crypto 0.37.1-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-30] m2crypto 0.37.1-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-27] Accepted m2crypto 0.31.0-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
  • [2021-01-12] Accepted m2crypto 0.37.1-1 (source) into unstable (Sandro Tosi)
  • [2020-07-18] m2crypto 0.36.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-16] Accepted m2crypto 0.36.0-1 (source) into unstable (Sandro Tosi)
  • [2020-05-06] Accepted m2crypto 0.35.2-2 (source all amd64) into unstable, unstable (Debian FTP Masters) (signed by: Sandro Tosi)
  • [2020-04-24] Accepted m2crypto 0.35.2-1 (source) into unstable (Sandro Tosi)
  • [2020-02-02] m2crypto 0.31.0-9 MIGRATED to testing (Debian testing watch)
  • [2020-01-31] Accepted m2crypto 0.31.0-9 (source) into unstable (Sandro Tosi)
  • [2019-11-24] m2crypto 0.31.0-8 MIGRATED to testing (Debian testing watch)
  • [2019-11-22] Accepted m2crypto 0.31.0-8 (source) into unstable (Sandro Tosi)
  • [2019-11-20] Accepted m2crypto 0.31.0-7 (source all amd64) into unstable (Daniel Stender)
  • [2019-10-01] Accepted m2crypto 0.31.0-6~bpo10+1 (source all amd64) into buster-backports, buster-backports (Daniel Stender)
  • [2019-08-21] m2crypto 0.31.0-6 MIGRATED to testing (Debian testing watch)
  • [2019-08-19] Accepted m2crypto 0.31.0-6 (source) into unstable (Daniel Stender)
  • [2019-08-12] Accepted m2crypto 0.31.0-5 (all source) into unstable, unstable (Daniel Stender)
  • [2019-06-16] m2crypto 0.31.0-4 MIGRATED to testing (Debian testing watch)
  • [2019-06-09] Accepted m2crypto 0.31.0-4 (all source) into unstable (Daniel Stender)
  • [2019-03-18] m2crypto 0.31.0-3 MIGRATED to testing (Debian testing watch)
  • [2019-03-11] Accepted m2crypto 0.31.0-3 (source all amd64) into unstable (Daniel Stender)
  • [2018-12-21] m2crypto 0.31.0-2 MIGRATED to testing (Debian testing watch)
  • [2018-12-19] Accepted m2crypto 0.31.0-2 (all source) into unstable (Daniel Stender)
  • [2018-11-13] m2crypto 0.31.0-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 2
  • M&W: 0
  • F&P: 1
  • patch: 0
links
  • homepage
  • lintian (10, 3)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.38.0-1ubuntu5
  • 5 bugs
  • patches for 0.38.0-1ubuntu5

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing