about python-oauth2: CVE-2013-4347

To: debian-python@lists.debian.org
Subject: about python-oauth2: CVE-2013-4347
From: Philippe Makowski <pmakowski@espelida.com>
Date: Tue, 08 Oct 2013 23:46:27 +0200
Message-id: <[🔎] 52547D33.7070600@espelida.com>

Hi,

do you think that for fixing that, using

return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for
i in xrange(length))

instead of the actual

return ''.join([str(random.randint(0, 9)) for i in range(length)])


would be an acceptable fix ?

Reply to:

Follow-Ups:
- Re: about python-oauth2: CVE-2013-4347
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Python-babel 1.3 available from Sid
Next by Date: Re: about python-oauth2: CVE-2013-4347
Previous by thread: Re: Python-babel 1.3 available from Sid
Next by thread: Re: about python-oauth2: CVE-2013-4347
Index(es):
- Date
- Thread