Ubuntu
p7zip package

Apply patch that removes the use of weak IVs when using AES encryption

Bug #2031641 reported by Markus Muckhoff
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
p7zip (Ubuntu)
New
Undecided
Unassigned

Bug Description

Dear all,

as far as I can see (please have a look at lines 163ff in file CPP/7zip/Crypto/7zAes.cpp) you did not integrate the following patch which fixes the creation of weak IVs for AES encryption:

https://github.com/p7zip-project/p7zip/commit/6106df26ff64fa8147bfc9abdc0a14908b5d3871

Original post of the bug finding: https://threadreaderapp.com/thread/1087848040583626753.html

Thank you

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.