The pycrypto library contains at least one dangerous buffer overflow:

https://github.com/dlitz/pycrypto/issues/176

And the pycrypto project is inactive:

https://github.com/dlitz/pycrypto/issues/173

The list of our packages that use pycrypto:

python-axolotl-0.1.35
onionshare-0.9.2
python-flask-restful-swagger-0.19
python-swiftclient-2.6.0
jrnl-1.9.7
ansible-2.1.0.0