python-rsa - Debian Package Tracker

general

source: python-rsa (main)
version: 4.0-4
maintainer: Debian Python Modules Team (archive) (DMD)
uploaders: TANIGUCHI Takaki [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4.2-1
oldstable: 4.0-2
stable: 4.0-4
testing: 4.0-4
unstable: 4.0-4

versioned links

3.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-rsa

action needed

A new upstream version is available: 4.7.2 high

A new upstream version 4.7.2 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-09-19 20:28

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Created: 2021-02-19 Last update: 2021-08-15 00:00

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Created: 2021-08-15 Last update: 2021-08-15 00:00

lintian reports 3 errors high

Lintian reports 3 errors about this package. You should make the package lintian clean getting rid of them.

Created: 2020-10-22 Last update: 2021-01-26 00:03

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.7-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 415d0c74bf9fa41ea3eae12d47b0b11e13ccd587
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Fri Jan 15 00:32:02 2021 +0900

    new upstream

commit 08618d974d39c0085fc5d3dde6c6c997c8ddc206
Merge: 785e1a7 9557156
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Fri Jan 15 00:31:42 2021 +0900

    Update upstream source from tag 'upstream/4.7'
    
    Update to upstream version '4.7'
    with Debian dir 0eb8ddfd3def46d31083d7ef9f54a90fb753269e

commit 9557156240ca0fadf98b9fb96f1cce4d036f9468
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Fri Jan 15 00:31:42 2021 +0900

    New upstream version 4.7

commit 785e1a7ca790277d7dbeeb9191ea47b85d9c4ece
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:51:59 2020 +0200

    d/control: Update Vcs-* fields with new Debian Python Team Salsa layout

commit 0f1a19294bbe8d40734283e037c56446496239e0
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:51:58 2020 +0200

    d/control: Update Maintainer field with new Debian Python Team contact address

commit bcade0975ae0da11fe9e0dae28199f4e01bfdd55
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jul 4 11:02:28 2020 +0900

    Bump Standards-Version to 4.5.0

commit 2e57d4dc4d7320005f6c236ae55c9938b31ee50c
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:11:57 2020 +0900

    Add mypy to B-D

commit 321ab5f47b705db21db9a64dd94531daa2b3da02
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:11:20 2020 +0900

    new upstream

commit 72cc00956110545d9e75ab8640c649b8f0c9efad
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:09:25 2020 +0900

    New upstream version 4.6

commit 02369fb72f5aca3efebcd8506dfb4674a0a72308
Merge: 3a2c7a4 72cc009
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:09:25 2020 +0900

    Update upstream source from tag 'upstream/4.6'
    
    Update to upstream version '4.6'
    with Debian dir 50b84cde411659fd3beb34775f63b91a1bf7eddb

https://salsa.debian.org/api/v4/projects/python-team%2Fmodules%2Fpython-rsa API request failed: 404 Not Found at /srv/qa.debian.org/data/vcswatch/vcswatch line 388.

Created: 2020-06-14 Last update: 2021-09-17 14:36

2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:

CVE-2020-13757: (needs triaging) Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVE-2020-25658: (needs triaging) It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-15 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2021-08-18 14:03

news

[rss feed]

[2020-04-30] python-rsa 4.0-4 MIGRATED to testing (Debian testing watch)
[2020-04-25] Accepted python-rsa 4.0-4 (source) into unstable (TANIGUCHI Takaki)
[2019-10-16] python-rsa 4.0-3 MIGRATED to testing (Debian testing watch)
[2019-10-10] Accepted python-rsa 4.0-3 (source) into unstable (Sandro Tosi)
[2018-12-09] python-rsa 4.0-2 MIGRATED to testing (Debian testing watch)
[2018-12-04] Accepted python-rsa 4.0-2 (source all) into unstable (TANIGUCHI Takaki)
[2018-10-09] python-rsa 4.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted python-rsa 4.0-1 (source all) into unstable (TANIGUCHI Takaki)
[2016-10-17] python-rsa 3.4.2-1 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted python-rsa 3.4.2-1 (source all) into unstable (TANIGUCHI Takaki)
[2016-03-22] Accepted python-rsa 3.1.4-1+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-02-23] python-rsa 3.2.3-1.1 MIGRATED to testing (Debian testing watch)
[2016-02-17] Accepted python-rsa 3.2.3-1.1 (source) into unstable (Salvatore Bonaccorso)
[2015-11-30] python-rsa 3.2.3-1 MIGRATED to testing (Britney)
[2015-11-24] Accepted python-rsa 3.2.3-1 (source all) into unstable (TANIGUCHI Takaki)
[2014-06-28] python-rsa 3.1.4-1 MIGRATED to testing (Debian testing watch)
[2014-06-22] Accepted python-rsa 3.1.4-1 (source all) (TANIGUCHI Takaki)
[2014-01-15] python-rsa 3.1.2-1 MIGRATED to testing (Debian testing watch)
[2014-01-04] Accepted python-rsa 3.1.2-1 (source all) (TANIGUCHI Takaki)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (3, 0)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.0-4