Comment 5 for bug 682600

The very fact the warning is printed means there's no security vulnerability, because as it says it's about problems with an older version of pycrypto. The CVE is about a different but related issue with paramiko. Neither Ubuntu or the Bazaar installers ship vulnerable versions of either package.

Making the scary but pointless warning go away means applying that patch to paramiko, which we do where possible, but will mean getting it applied to the (unresponsive) upstream before it's picked up by some distros.