Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3



Hi,

On 20/02/2016 10:25, Julien Cristau wrote:
> Control: tags -1 moreinfo
[…]
>> symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium
>>
>>   [ Daniel Beyer ]
>>   * Backport a security fix from 2.3.37
>>     - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902]
[…]
> Why have a fallback at all?  When would openssl be expected to fail?

Since php5 in Debian is built with openssl, my understanding is it would
only be used on environments where it has been rebuilt with OpenSSL
support turned off (I’m not sure one can deactivate it at run time, so
openssl_random_pseudo_bytes() should always be available in a default
Debian setup if I understood correctly).

Daniel, can you confirm or provide more information about Julien’s question?

Regards

David
