2232557 – Apply patch that removes the use of weak IVs when using AES encryption

Bug 2232557 - Apply patch that removes the use of weak IVs when using AES encryption

Summary: Apply patch that removes the use of weak IVs when using AES encryption

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	p7zip
Sub Component:
Version:	37
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Sergio Basto
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-08-17 11:11 UTC by Markus Muckhoff
Modified:	2023-08-17 11:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Markus Muckhoff 2023-08-17 11:11:51 UTC

Dear all,

as far as I can see (please have a look at lines 163ff in file CPP/7zip/Crypto/7zAes.cpp) you did not integrate the following patch which fixes the creation of weak IVs for AES encryption:

https://github.com/p7zip-project/p7zip/commit/6106df26ff64fa8147bfc9abdc0a14908b5d3871

Original post of the bug finding: https://threadreaderapp.com/thread/1087848040583626753.html

Thank you

Note You need to log in before you can comment on or make changes to this bug.