| Summary: | <kde-base/kdeplasma-addons-4.10.3-r1 : insecure password generator (CVE-2013-2120) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/05/28/5 | | |
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=969421 https://launchpad.net/bugs/1179380 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-05-31 13:27:32 UTC
Patched in CVS. It is ready to stabilise at your convenience.

+ 04 Jun 2013; Michael Palimaka <kensington@gentoo.org> + +files/kdeplasma-addons-4.10.3-cve-2013-2120.patch, + +kdeplasma-addons-4.10.3-r1.ebuild: + Backport patch from upstream to fix CVE-2013-2120 wrt bug #471904.

OK let's get this fixed. Please stabilize kde-base/kdeplasma-addons-4.10.3-r1 amd64 ppc ppc64 x86

amd64 stable

x86 stable

ppc stable

ppc64 stable

Thanks all, kde herd has nothing to do here anymore.

+ 09 Jun 2013; Johannes Huber <johu@gentoo.org> -kdeplasma-addons-4.10.3.ebuild: + Remove old wrt bug #471904.

According to RedHat "That fix is not much better. KRandom is just rand(), so there's only 2^32 possible seeds.". Thoughts?

(In reply to Michael Palimaka (kensington) from comment #8)
> According to RedHat "That fix is not much better. KRandom is just rand(),
> so there's only 2^32 possible seeds.".
>
> Thoughts?

This is now tracked in bug #474986 instead.

GLSA vote: no.

GLSA vote: no

Closing as noglsa
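
The point in the Red Hat remark quoted in comment #8, as an added example that is not code from kdeplasma-addons or from this bug: a password built from `rand()` is fully determined by the value given to `srand()`, while one built from the kernel CSPRNG is not. The function names, the 62-character alphabet and the seed value are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define ALPHABET_LEN (sizeof(ALPHABET) - 1)   /* 62 symbols */

/* Weak (hypothetical model): every character comes from rand(), so the
 * whole password is a function of the unsigned int handed to srand().
 * However long the password is, there are at most as many distinct
 * passwords as there are seeds. out must hold len + 1 bytes. */
void weak_password(unsigned int seed, char *out, size_t len)
{
    srand(seed);
    for (size_t i = 0; i < len; i++)
        out[i] = ALPHABET[(size_t)rand() % ALPHABET_LEN];
    out[len] = '\0';
}

/* Hardened: take bytes from the kernel CSPRNG and use rejection sampling.
 * 248 = 4 * 62, so bytes 248..255 are discarded to avoid modulo bias.
 * Returns 0 on success, -1 if /dev/urandom cannot be read. */
int strong_password(char *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t i = 0;
    while (i < len) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if (c >= 248)
            continue;                         /* reject and draw again */
        out[i++] = ALPHABET[(size_t)c % ALPHABET_LEN];
    }
    out[len] = '\0';
    fclose(f);
    return 0;
}

int main(void)
{
    char a[17], b[17], c[17];
    weak_password(12345u, a, 16);             /* constructed sample seed */
    weak_password(12345u, b, 16);
    printf("weak, seed 12345: %s\nweak, seed 12345: %s\n", a, b);
    if (strong_password(c, 16) == 0)
        printf("strong:           %s\n", c);
    return 0;
}
```
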