libcloud-notifications mailing list archives

From "Ryan Petrello (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LIBCLOUD-1015) libcloud must not use pycrypto
Date Mon, 11 Mar 2019 15:46:00 GMT

    [ https://issues.apache.org/jira/browse/LIBCLOUD-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16789714#comment-16789714 ]

Ryan Petrello commented on LIBCLOUD-1015:
-----------------------------------------

Also, it's not really a rumor that PyCrypto is insecure.  The current stable version on PyPI
has a high severity (unresolved) buffer overflow CVE: [https://security-tracker.debian.org/tracker/CVE-2013-7459]

 

PyCrypto is insecure and a new official version has not been released since late 2013.

> libcloud must not use pycrypto
> ------------------------------
>
>                 Key: LIBCLOUD-1015
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-1015
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.3.0
>            Reporter: Björn Boschman
>            Priority: Major
>
> while looking at the GitHub page you can see that pycrypto is unmaintained
> rumor has it that even dangerous bugs might exist



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
