{"url":"http://public2.vulnerablecode.io/api/packages/7303?format=json","purl":"pkg:pypi/pycrypto@1.9a6","type":"pypi","namespace":"","name":"pycrypto","version":"1.9a6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34823?format=json","vulnerability_id":"VCID-2t7d-kvmj-57c8","summary":"The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.","references":[{"reference_url":"https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175"},{"reference_url":"http://www.debian.org/security/2013/dsa-2781","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2781"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/17/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/10/17/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7701?format=json","purl":"pkg:pypi/pycrypto@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-af5m-veyp-cugm"},{"vulnerability":"VCID-stxq-tcuq-aud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.6.1"}],"aliases":["CVE-2013-1445","PYSEC-2013-29"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t7d-kvmj-57c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34762?format=json","vulnerability_id":"VCID-m9eb-j1h4-w3g2","summary":"PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"},{"reference_url":"https://bugs.launchpad.net/pycrypto/+bug/985164","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/pycrypto/+bug/985164"},{"reference_url":"http://secunia.com/advisories/49263","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49263"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"},{"reference_url":"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"},{"reference_url":"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"},{"reference_url":"https://hermes.opensuse.org/messages/15083589","reference_id":"","reference_type":"","scores":[],"url":"https://hermes.opensuse.org/messages/15083589"},{"reference_url":"http://www.debian.org/security/2012/dsa-2502","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2502"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/25/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/05/25/1"},{"reference_url":"http://www.osvdb.org/82279","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/82279"},{"reference_url":"http://www.securityfocus.com/bid/53687","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/53687"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7312?format=json","purl":"pkg:pypi/pycrypto@2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t7d-kvmj-57c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.6"}],"aliases":["CVE-2012-2417","PYSEC-2012-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9eb-j1h4-w3g2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@1.9a6"}