Date: Thu, 13 Jun 2013 10:02:38 +1000 From: Michael Samuel <mik@...net.net> To: oss-security@...ts.openwall.com Subject: Re: KDE Paste Applet Ok, so the fix for this uses KRandom::random()... I suggest leaving the KDE Paste fix as-is and replacing KRandom with something that just fills an integer from /dev/urandom - then we can save a few CVE numbers for the rest of the year. qrand() should probably also do the same, especially since cnonces for HTTP auth are using it - that means there's only 2^32 (at best) possible cnonces... Regards, Michael On 31 May 2013 22:43, Jeff Mitchell <mitchell@....org> wrote: > Michael Samuel wrote: > >> Is anyone from KDE working on fixing this? I wrote a quick patch and >> was hoping somebody from the KDE team could vet and incorporate it. >> > > Actually sending the patch to the thread you started at security@....orgwould probably help grease wheels... > > --Jeff > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.