From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: pycrypto buffer overflow (potentially affects onionshare and other packages) Date: Mon, 26 Dec 2016 13:08:44 -0500 Message-ID: <20161226180844.GA12367@jasmine> References: <20161226174344.GA10842@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53242) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cLZhZ-0005dx-Vx for guix-devel@gnu.org; Mon, 26 Dec 2016 13:08:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cLZhW-0001SQ-PZ for guix-devel@gnu.org; Mon, 26 Dec 2016 13:08:49 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:52238) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cLZhW-0001SI-LI for guix-devel@gnu.org; Mon, 26 Dec 2016 13:08:46 -0500 Received: from localhost (c-76-110-75-179.hsd1.fl.comcast.net [76.110.75.179]) by mail.messagingengine.com (Postfix) with ESMTPA id E890B7E330 for ; Mon, 26 Dec 2016 13:08:45 -0500 (EST) Content-Disposition: inline In-Reply-To: <20161226174344.GA10842@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Dec 26, 2016 at 12:43:44PM -0500, Leo Famulari wrote: > The list of our packages that use pycrypto: [...] > onionshare-0.9.2 This comes through python-stem. I've contacted the stem maintainer about this issue. --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlhhXKwACgkQJkb6MLrK fwgzzxAAqwkZr1UfTJgf+iQaoV60bZ6hyh+6iLR6m7tJdX5NqUj+ifRnBAom0IhK xPEblqpAXByLq8aPPOCYzzQl8UkjKaSEimpKm0htClCb500dmOQ11QaGm2/9s7LB GtfHuehnA6TmlbADNDDabu9kBjkKY4fHv6IYtNsRAg1f4HgAkJC5cWPtudukPlSt LhrUHFLvtoyA2ij7epF/A0/y2/sJBfhKn1Zdn/lRy7evUe9C6XsImE8CrGaluVbd u8j6sUGkZUIdHNRrbtxUOOXrjTsj6X8/hHU/u9QfpFYms5m0EquhL6FVX7XVpFzy ava9hhn0HZXOBDRXf7na/UKnmeWwb3YcLyXcJDr+CEEhblxXOUG8PiTAPsxJd6iT TE1mnV87Bfdawk02KsJI9jN9B2hS+DPgCN2Xc8z6d4PM9h0wR3XxLp5dGRg3n7CV ixhS6uKI9cHwiYGq7xQlD+i7KZGJkwAoNvADh7ONNuBX1Uhwbm1n+3+xqDjXEgXg ZI2t5MRYh97uVN2xWDz71FCeT8VANP59IcVgL+jXN3zswiBB3gp7ZS22YLsKyIYB N2k615efQh1a6qe9M8h0+60dbDyr2/MXgECPt1IF3g/ZOP5XOOH1amgyt8pNk62W resuGyMslbqFQl829Q3SnS6+C0nG14iXfcm8b+/frmqlbiy4mpQ= =Dl4d -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC--