
Re: about python-oauth2: CVE-2013-4347




On 9 Oct 2013 at 01:42, "Paul Wise" <pabs@debian.org> wrote:
>
> On Wed, Oct 9, 2013 at 5:46 AM, Philippe Makowski wrote:
>
> > do you think that for fixing that, using
> >
> > return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for
> > i in xrange(length))
> ...
> > would be an acceptable fix ?
>
> No, from the announcement of this issue on oss-sec:
>
> ... the Python 'random' documentation clearly states the results are
> repeatable ...
>
> http://www.openwall.com/lists/oss-security/2013/09/12/5
>
Any suggestions then?
Is there someone working on this?
Where are the sources of the package?
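
Added example (not part of the original message, and not python-oauth2's own code): the objection quoted above is that Python's `random` is repeatable, so a nonce built with `random.choice` keeps the weakness. This Python 3 sketch shows that repeatability and then the same nonce format drawn from the operating system's CSPRNG; the function names and the seed value are hypothetical.

```python
import random
import secrets

# Alphabet taken from the fix proposed in the quoted message.
ALPHABET = 'abcdefghijklmnopqrstuvwxyz123456789'


def weak_nonce(length=8, rng=random):
    """The proposed fix: characters still come from the Mersenne Twister."""
    return ''.join(rng.choice(ALPHABET) for _ in range(length))


def strong_nonce(length=8):
    """Same output format, but each character is drawn from the OS CSPRNG.

    On interpreters without `secrets` (added in Python 3.6),
    random.SystemRandom().choice(ALPHABET) reads from the same OS source.
    """
    return ''.join(secrets.choice(ALPHABET) for _ in range(length))


def replay_same_seed(seed=20130912, count=5, length=8):
    """Two generators with the same seed (a constructed value) emit the
    same nonce sequence, which is the repeatability the documentation warns of."""
    first = random.Random(seed)
    second = random.Random(seed)
    original = [weak_nonce(length, first) for _ in range(count)]
    replayed = [weak_nonce(length, second) for _ in range(count)]
    return original, replayed


if __name__ == '__main__':
    original, replayed = replay_same_seed()
    print('seeded run 1:', original)
    print('seeded run 2:', replayed)
    print('identical   :', original == replayed)
    print('CSPRNG nonce:', strong_nonce(16))
```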

