PSA: don’t use pycrypto, use https://pypi.python.org/pypi/cryptography
I believe this is a link with technical details of the attack: http://seclists.org/oss-sec/2016/q4/760
The CVE they link is from 2013! Is there a patch that didn’t make it into this distro?
Sometimes a CVE is backdated. It’s the time the bug was first identified, not when it was fixed.