CVE-2012-3458

Name: CVE-2012-3458
Description: Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2541-1
Debian Bugs: 684890

Vulnerable and fixed packages

The table below lists information on source packages.

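| Source Package | Release | Version | Status |
|---|---|---|---|
| beaker (PTS) | jessie | 1.6.4-2 | fixed |
| | stretch | 1.8.1-1 | fixed |
| | buster | 1.10.0-1 | fixed |
| | bullseye | 1.11.0-1.1 | fixed |
| | bookworm | 1.11.0-3 | fixed |
| | sid, trixie | 1.13.0-1 | fixed |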

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| beaker | source | squeeze | 1.5.4-4+squeeze1 | | DSA-2541-1 | |
| beaker | source | (unstable) | 1.6.3-1.1 | | | 684890 |
