[Python-modules-team] Bug#854390: Bug#854390: python-bottle-cork: insecure default hashing algorithm
Sandro Tosi
morph at debian.org
Wed Feb 8 05:05:47 UTC 2017
control: tags -1 +fixed-upstream
On Mon, Feb 6, 2017 at 9:52 AM, IOhannes m zmölnig <umlaeute at debian.org> wrote:
> As reported on https://github.com/FedericoCeratto/bottle-cork/issues/112, the
> "bottle-cork" module uses a very unsecure hashing algorithm (sha1 with 10
> iterations) as default.
>
> the defaults should be changed to use a secure hash (or even better: the user
> should select the hashing algorithm, rather than Cork)
this has been fixed by upstream in
https://github.com/FedericoCeratto/bottle-cork/commit/665c99342db5dd73bc298235f339c9a335e50d7e
(a small change in cork.py and big chunk in tests, which is always
good).
let me know if i can help in any way to get this fixed for stretch
Thanks,
--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi
More information about the Python-modules-team
mailing list