Re: devotee predictable random numbers (was: General Resolution: Diversity statement results)

On Thu, Jun 07, 2012 at 02:22:12PM +0300, Touko Korpela wrote:
> On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
> > 
> >         Once I get my act together again, I have devotee v 2.0 that I
> >  think is generally useful enough to package, since I have moved it to a
> >  command pattern based workflow, and thus people may add modules (check
> >  gpg sigs) or remove them (no ldap checks), and move the action nodes
> >  around at will (do gpg checks _after_ ldap checks)
> Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
> fixed now in devotee?

No, and it's only relevant (to Debian) to get it fixed by the next
DPL election, so I'm in no hurry to fix it myself.  But patches
are always welcome.

