Candidate: CVE-2012-3458
PublicDate: 2012-09-15 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3458
 http://www.openwall.com/lists/oss-security/2012/08/13/10
Description:
 Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in
 ECB cipher mode, which might allow remote attackers to obtain portions of
 sensitive session data via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684890
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_beaker:
 other: https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
upstream_beaker: released (1.6.4)
hardy_beaker: ignored (reached end-of-life)
lucid_beaker: ignored (reached end-of-life)
natty_beaker: released (1.5.4-4+squeeze1build0.11.04.1)
oneiric_beaker: released (1.5.4-4+squeeze1build0.11.10.1)
precise_beaker: released (1.5.4-4+squeeze1build0.12.04.1)
quantal_beaker: ignored (reached end-of-life)
raring_beaker: ignored (reached end-of-life)
saucy_beaker: ignored (reached end-of-life)
trusty_beaker: not-affected (1.6.3-1.1)
trusty/esm_beaker: DNE (trusty was not-affected [1.6.3-1.1])
utopic_beaker: ignored (reached end-of-life)
vivid_beaker: ignored (reached end-of-life)
vivid/stable-phone-overlay_beaker: DNE
vivid/ubuntu-core_beaker: DNE
wily_beaker: ignored (reached end-of-life)
xenial_beaker: not-affected (1.6.4)
yakkety_beaker: not-affected (1.8.0)
devel_beaker: not-affected