First, this closes #167972 by explicitly disabling Python tests for the backported pycrypto library. Those tests were written for Python 2 only.

Furthermore, the meta.knownVulnerabilities attribute was added as the last weechat-otr upstream release was in 2018-03 [0] and the backported Debian package of pycrypto is from 2020-04 [1]. As there are no known vulnerabilities for weechat-otr itself, pycrypto "is unmaintained, obsolete, and contains security vulnerabilities" [2]. Even with Debian's patches, this is no good situation.

As weechat-otr is security and privacy related software, it should be made obvious that its code base is old and unmaintained.

[0] https://github.com/mmb/weechat-otr/releases/tag/v1.9.2
[1] https://salsa.debian.org/sramacher/python-crypto/-/tags/debian%2F2.6.1-13.1
[2] https://www.pycrypto.org/main
parent 2e8714c5fc
commit 22419c93cd