Your message dated Fri, 13 Jan 2017 13:05:30 +0000
with message-id <e1cs1xu-0009dr...@fasolo.debian.org>
and subject line Bug#841781: Removed package(s) from unstable
has caused the Debian Bug report #500087,
regarding CVE-2008-4107: The rand and mt_rand functions in PHP produce weak 
random numbers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
500087: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500087
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php5
Version: 5.2.6-3
Severity: important
Tags: security


From CVE-2008-4107:
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce
cryptographically strong random numbers, which allows attackers to
leverage exposures in products that rely on these functions for
security-relevant functionality, as demonstrated by the password-reset
functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different
vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.


The advisory
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
talks about a new suhosin release that fixes this in php and not in the
applications. Maybe this fix could be backported to lenny once it becomes
available?



--- End Message ---
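
Added example, not part of the bug report and not code from PHP or suhosin: the CVE text above concerns password-reset tokens built from mt_rand(), so this PHP shows such a token being fully determined by its seed, next to a token drawn from the system CSPRNG and stored only as a digest. The function names and the sample seed are constructed for illustration; random_bytes() needs PHP 7.0 or later, which postdates the 5.2.6 version the report was filed against.

```php
<?php
// Added example; all function names here are hypothetical.

// Weak: every output of mt_rand() follows from the seed, so a token built
// this way is only as secret as that seed value.
function weak_reset_token(int $seed): string
{
    mt_srand($seed);
    $token = '';
    for ($i = 0; $i < 4; $i++) {
        $token .= sprintf('%08x', mt_rand());
    }
    return $token;
}

// Hardened: 32 bytes from the operating system CSPRNG. The caller mails
// 'token' to the user and stores only 'digest' server-side.
function issue_reset_token(): array
{
    $token = bin2hex(random_bytes(32));
    return ['token' => $token, 'digest' => hash('sha256', $token)];
}

// Verify a submitted token against the stored digest in constant time.
function verify_reset_token(string $storedDigest, string $submitted): bool
{
    return hash_equals($storedDigest, hash('sha256', $submitted));
}

$seed = 20080817; // constructed sample seed
$first  = weak_reset_token($seed);
$second = weak_reset_token($seed);
// Compare two weak tokens generated from the same seed.
var_dump($first === $second);

$issued = issue_reset_token();
$other  = issue_reset_token();
// Compare two independently issued CSPRNG tokens.
var_dump($issued['token'] === $other['token']);

// Check the issued token, then a token from a different request,
// against the stored digest.
var_dump(verify_reset_token($issued['digest'], $issued['token']));
var_dump(verify_reset_token($issued['digest'], $other['token']));
```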
--- Begin Message ---
Version: 5.6.26+dfsg-1+rm

Dear submitter,

as the package php5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/841781

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
