[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: devotee predictable random numbers

On Thu, Jun 07 2012, Touko Korpela wrote:

> On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
>>         Once I get my act together again, I have devotee v 2.0 that I
>>  think is generally useful enough to package, since I have moved it to a
>>  command pattern based workflow, and thus people may add modules (check
>>  gpg sigs) or remove tham (no ldap checks), and move the action noides
>>  around at will (do  gpg checks _after_ ldap checks)
> Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
> fixed now in devotee?
> https://lists.debian.org/debian-devel/2012/04/msg00528.html
> http://www.openwall.com/lists/oss-security/2012/05/22/11

        Interesting thread. No, this has not yet been fixed in
 devotee. I'll patch v2.0.


The documentation is in Japanese.  Good luck. Rich $alz
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20  05B6 CF48 9438 C577 9A1C

Reply to: