Activity log for bug #682600

Date Who What changed Old value New value Message
2010-11-29 10:03:29 Dimitri John Ledkov bug added bug
2010-11-29 10:03:58 Dimitri John Ledkov visibility private public
2010-11-29 17:32:51 John A Meinel bzr: importance Undecided High
2010-11-29 17:32:51 John A Meinel bzr: status New Confirmed
2010-11-29 22:05:00 Dimitri John Ledkov bug watch added http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
2010-11-29 22:05:00 Dimitri John Ledkov cve linked 2008-0299
2010-11-29 23:44:25 Martin Packman cve unlinked 2008-0299
2010-11-30 01:05:31 Martin Pool bug task added paramiko (Ubuntu)
2010-11-30 01:13:36 Martin Pool description See bug #249765 in PyCrypto $ bzr pull Using saved parent location: bzr+ssh://bazaar.launchpad.net/~xiphos-devel/xiphos/trunk/ /usr/lib/python2.6/dist-packages/Crypto/Util/randpool.py:40: RandomPool_DeprecationWarning: This application uses RandomPool, which is BROKEN in older releases. See http://www.pycrypto.org/randpool-broken RandomPool_DeprecationWarning) No revisions to pull. $ bzr --version Bazaar (bzr) 2.3b3 Python interpreter: /usr/bin/python 2.6.6 Python standard library: /usr/lib/python2.6 Platform: Linux-2.6.37-6-generic-i686-with-Ubuntu-11.04-natty bzrlib: /usr/lib/python2.6/dist-packages/bzrlib Bazaar configuration: /home/tdlk/.bazaar Bazaar log file: /home/tdlk/.bzr.log $ dpkg-query -W bzr bzr 2.3.0~beta3-1~bazaar1~maverick1 See bug #249765 in PyCrypto $ bzr pull Using saved parent location: bzr+ssh://bazaar.launchpad.net/~xiphos-devel/xiphos/trunk/ /usr/lib/python2.6/dist-packages/Crypto/Util/randpool.py:40: RandomPool_DeprecationWarning: This application uses RandomPool, which is BROKEN in older releases. See http://www.pycrypto.org/randpool-broken   RandomPool_DeprecationWarning) No revisions to pull. $ bzr --version Bazaar (bzr) 2.3b3   Python interpreter: /usr/bin/python 2.6.6   Python standard library: /usr/lib/python2.6   Platform: Linux-2.6.37-6-generic-i686-with-Ubuntu-11.04-natty   bzrlib: /usr/lib/python2.6/dist-packages/bzrlib   Bazaar configuration: /home/tdlk/.bazaar   Bazaar log file: /home/tdlk/.bzr.log $ dpkg-query -W bzr bzr 2.3.0~beta3-1~bazaar1~maverick1 ---- To summarize this for Ubuntu: maverick's paramiko always gives this warning because it uses an old api in pycrypto. (I presume the same is true in natty.) There is no actual bug as such, because Ubuntu has a newer pycrypto. There is no upstream paramiko fix for this and the upstream is unresponsive. We would like to apply in the package a fix that will update it to use the new api so there is no warning.
2010-11-30 01:13:39 Martin Pool tags paramiko
2010-11-30 01:13:41 Martin Pool bzr: importance High Medium
2010-11-30 21:03:52 Marc Deslauriers security vulnerability yes no
2010-11-30 21:03:57 Marc Deslauriers bug added subscriber Ubuntu Bugs
2010-11-30 21:04:00 Marc Deslauriers removed subscriber Ubuntu Security Team
2011-01-14 05:59:56 Jelmer Vernooij marked as duplicate 271791
2011-01-18 20:10:13 Launchpad Janitor paramiko (Ubuntu): status New Fix Released
2011-01-18 21:14:27 Launchpad Janitor branch linked lp:ubuntu/paramiko