Re: c-ares, CVE-2023-31147, CVE-2023-31124
Thank you all for your replies!
@Moritz, could you please create an issue with
the possible proposal, what it should look like?
Best regards
Anton
On Fri, 23 Jun 2023 at 20:49, Ola Lundqvist <ola@inguza.com> wrote:
>
> Hi Anton, all
>
> Well even if there are some systems affected I must say that if
> someone has removed urandom the behavior described is expected. I
> mean /dev/urandom is there for a reason. And yes there are better
> functions than rand() but I can hardly see this as a vulnerability. Or
> well it is, but it is the kind of vulnerability when you remove the
> device that provides randomness in the system.
>
> I would have marked them as "minor issue".
>
> Cheers
>
> // Ola
>
>
> On Fri, 23 Jun 2023 at 06:49, Anton Gladky <gladk@debian.org> wrote:
> >
> > Hi,
> >
> > Two CVEs might be irrelevant for Debian systems. Can they be
> > tagged as "unaffected"? Or do we have some systems where
> > /dev/urandom does not exist?
> >
> > Thanks
> >
> > Anton
> >
>
>
> --
> --- Inguza Technology AB --- MSc in Information Technology ----
> | ola@inguza.com opal@debian.org |
> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> ---------------------------------------------------------------