| Summary: | <app-admin/pwgen-2.07: multiple vulnerabilities (CVE-2013-{4440,4441,4442}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | alexander, jlec, livecd, siarhei.siamashka |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/10/16/15 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-10-16 20:47:47 UTC
Adjust CVEs list in summary, CVE-2013-4443 was rejected[1]

[1] - http://seclists.org/oss-sec/2013/q4/162

arches please stable.

Arches, please test and mark stable:
=app-admin/pwgen-2.07
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

ppc stable

ppc64 stable

ia64 stable

Stable on alpha.

sparc stable.

Maintainer(s), please cleanup.
Security, please vote.

+ 01 Dec 2014; Justin Lecher <jlec@gentoo.org> -pwgen-2.06-r1.ebuild:
+ Drop old vulnerable versions, #488300
+

CVE-2013-4442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4442):
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-4440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4440):
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

GLSA vote: no.

GLSA Vote: No