Message-ID: <CACYkhxjGw6DC1+OBMcTid6S2dAFe5JuZC2LQ-+_XGYERRVU2eg@mail.gmail.com>
Date: Thu, 13 Jun 2013 10:02:38 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: KDE Paste Applet

Ok, so the fix for this uses KRandom::random()...

I suggest leaving the KDE Paste fix as-is and replacing KRandom with
something that just fills an integer from /dev/urandom - then we can save a
few CVE numbers for the rest of the year.

qrand() should probably also do the same, especially since cnonces for HTTP
auth are using it - that means there's only 2^32 (at best) possible
cnonces...

Regards,
  Michael


On 31 May 2013 22:43, Jeff Mitchell <mitchell@....org> wrote:

> Michael Samuel wrote:
>
>> Is anyone from KDE working on fixing this?  I wrote a quick patch and
>> was hoping somebody from the KDE team could vet and incorporate it.
>>
>
> Actually sending the patch to the thread you started at security@....org would probably help grease wheels...
>
> --Jeff
>
>
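
The suggestion in the message above (fill an integer directly from /dev/urandom, and avoid a cnonce limited to 2^32 values), sketched as an added example that is not code from this thread, KDE or Qt. The names `fill_from_urandom`, `urandom_uint` and `make_cnonce` are hypothetical, and the 128-bit default cnonce length is an assumption.

```cpp
// Added example: hypothetical helper names, not KDE or Qt code.
#include <cerrno>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Fill buf with len bytes from /dev/urandom; false on any failure.
bool fill_from_urandom(void *buf, std::size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return false;
    unsigned char *p = static_cast<unsigned char *>(buf);
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;    // interrupted: retry
        if (n <= 0) { close(fd); return false; }  // error or unexpected EOF
        p += n;
        len -= static_cast<std::size_t>(n);
    }
    close(fd);
    return true;
}

// Integer from the kernel CSPRNG; throws instead of using a weaker fallback.
unsigned int urandom_uint() {
    unsigned int v = 0;
    if (!fill_from_urandom(&v, sizeof v))
        throw std::runtime_error("cannot read /dev/urandom");
    return v;
}

// Hex cnonce built from nbytes random bytes (default 16 bytes = 128 bits).
std::string make_cnonce(std::size_t nbytes = 16) {
    std::string raw(nbytes, '\0');
    if (nbytes && !fill_from_urandom(&raw[0], nbytes))
        throw std::runtime_error("cannot read /dev/urandom");
    static const char hex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char c : raw) {
        out += hex[c >> 4];
        out += hex[c & 0x0f];
    }
    return out;
}

int main() {
    std::printf("%u %s\n", urandom_uint(), make_cnonce().c_str());
    return 0;
}
```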
