CVE-2012-3458
Published: 15 September 2012
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
beaker Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| natty |
Released
(1.5.4-4+squeeze1build0.11.04.1)
|
|
| oneiric |
Released
(1.5.4-4+squeeze1build0.11.10.1)
|
|
| precise |
Released
(1.5.4-4+squeeze1build0.12.04.1)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.6.3-1.1])
|
|
| upstream |
Released
(1.6.4)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(1.6.4)
|
|
| yakkety |
Not vulnerable
(1.8.0)
|
|
|
Patches: other: https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5 |
||