Re: devotee predictable random numbers
On Thu, Jun 07 2012, Touko Korpela wrote:
> On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
>>
>> Once I get my act together again, I have devotee v 2.0 that I
>> think is generally useful enough to package, since I have moved it to a
>> command pattern based workflow, and thus people may add modules (check
>> gpg sigs) or remove tham (no ldap checks), and move the action noides
>> around at will (do gpg checks _after_ ldap checks)
>
> Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
> fixed now in devotee?
> https://lists.debian.org/debian-devel/2012/04/msg00528.html
> http://www.openwall.com/lists/oss-security/2012/05/22/11
Interesting thread. No, this has not yet been fixed in
devotee. I'll patch v2.0.
manoj
--
The documentation is in Japanese. Good luck. Rich $alz
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C
Reply to: