Debian Package Tracker

general

source: python-rsa (main)
version: 4.0-4
maintainer: Debian Python Modules Team (archive) (DMD)
uploaders: TANIGUCHI Takaki [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.4-1+deb8u1
oldstable: 3.4.2-1
stable: 4.0-2
testing: 4.0-4
unstable: 4.0-4

versioned links

3.1.4-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-rsa

action needed

A new upstream version is available: 4.6 high

A new upstream version 4.6 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2020-10-28 22:07

lintian reports 2 errors high

Lintian reports 2 errors about this package. You should make the package lintian clean getting rid of them.

Created: 2020-10-22 Last update: 2020-10-22 04:34

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Please fix it.

Created: 2020-06-02 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Please fix it.

Created: 2020-06-02 Last update: 2020-08-07 06:08

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.6-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 785e1a7ca790277d7dbeeb9191ea47b85d9c4ece
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:51:59 2020 +0200

    d/control: Update Vcs-* fields with new Debian Python Team Salsa layout

commit 0f1a19294bbe8d40734283e037c56446496239e0
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:51:58 2020 +0200

    d/control: Update Maintainer field with new Debian Python Team contact address

commit bcade0975ae0da11fe9e0dae28199f4e01bfdd55
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jul 4 11:02:28 2020 +0900

    Bump Standards-Version to 4.5.0

commit 2e57d4dc4d7320005f6c236ae55c9938b31ee50c
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:11:57 2020 +0900

    Add mypy to B-D

commit 321ab5f47b705db21db9a64dd94531daa2b3da02
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:11:20 2020 +0900

    new upstream

commit 02369fb72f5aca3efebcd8506dfb4674a0a72308
Merge: 3a2c7a4 72cc009
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:09:25 2020 +0900

    Update upstream source from tag 'upstream/4.6'
    
    Update to upstream version '4.6'
    with Debian dir 50b84cde411659fd3beb34775f63b91a1bf7eddb

commit 72cc00956110545d9e75ab8640c649b8f0c9efad
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Sat Jun 13 18:09:25 2020 +0900

    New upstream version 4.6

https://salsa.debian.org/api/v4/projects/python-team%2Fmodules%2Fpython-rsa API request failed: 404 Not Found at /srv/qa.debian.org/data/vcswatch/vcswatch line 379.

Created: 2020-06-14 Last update: 2020-10-28 01:04

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Please fix it.

Created: 2020-06-02 Last update: 2020-08-07 06:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2020-13757: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Please fix it.

Created: 2020-06-02 Last update: 2020-08-07 06:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2020-04-25 10:34

news

[rss feed]

[2020-04-30] python-rsa 4.0-4 MIGRATED to testing (Debian testing watch)
[2020-04-25] Accepted python-rsa 4.0-4 (source) into unstable (TANIGUCHI Takaki)
[2019-10-16] python-rsa 4.0-3 MIGRATED to testing (Debian testing watch)
[2019-10-10] Accepted python-rsa 4.0-3 (source) into unstable (Sandro Tosi)
[2018-12-09] python-rsa 4.0-2 MIGRATED to testing (Debian testing watch)
[2018-12-04] Accepted python-rsa 4.0-2 (source all) into unstable (TANIGUCHI Takaki)
[2018-10-09] python-rsa 4.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted python-rsa 4.0-1 (source all) into unstable (TANIGUCHI Takaki)
[2016-10-17] python-rsa 3.4.2-1 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted python-rsa 3.4.2-1 (source all) into unstable (TANIGUCHI Takaki)
[2016-03-22] Accepted python-rsa 3.1.4-1+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-02-23] python-rsa 3.2.3-1.1 MIGRATED to testing (Debian testing watch)
[2016-02-17] Accepted python-rsa 3.2.3-1.1 (source) into unstable (Salvatore Bonaccorso)
[2015-11-30] python-rsa 3.2.3-1 MIGRATED to testing (Britney)
[2015-11-24] Accepted python-rsa 3.2.3-1 (source all) into unstable (TANIGUCHI Takaki)
[2014-06-28] python-rsa 3.1.4-1 MIGRATED to testing (Debian testing watch)
[2014-06-22] Accepted python-rsa 3.1.4-1 (source all) (TANIGUCHI Takaki)
[2014-01-15] python-rsa 3.1.2-1 MIGRATED to testing (Debian testing watch)
[2014-01-04] Accepted python-rsa 3.1.2-1 (source all) (TANIGUCHI Takaki)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (2, 0)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.0-4