Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Jun 2013 10:02:38 +1000
From: Michael Samuel <>
Subject: Re: KDE Paste Applet

Ok, so the fix for this uses KRandom::random()...

I suggest leaving the KDE Paste fix as-is and replacing KRandom with
something that just fills an integer from /dev/urandom - then we can save a
few CVE numbers for the rest of the year.

qrand() should probably also do the same, especially since cnonces for HTTP
auth are using it - that means there's only 2^32 (at best) possible


On 31 May 2013 22:43, Jeff Mitchell <> wrote:

> Michael Samuel wrote:
>> Is anyone from KDE working on fixing this?  I wrote a quick patch and
>> was hoping somebody from the KDE team could vet and incorporate it.
> Actually sending the patch to the thread you started at security@....orgwould probably help grease wheels...
> --Jeff

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.