Your message dated Fri, 10 Jul 2009 05:02:11 +0000
with message-id <[email protected]>
and subject line Bug#532520: fixed in lynx-cur 2.8.7rel.1-1
has caused the Debian Bug report #532520,
regarding predictable random number generator used in web browsers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
532520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: webkit
severity: serious
tags: security

hello,

it has been discovered that all of the major web browsers use a
predictable pseudo-random number generator (PRNG).  please see
reference [0]. the robust solution is to switch to a provably
unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manuel Blum, and Michael Shub, "A Simple Unpredictable
Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs



--- End Message ---
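The generator proposed in the report above, as an added example that is not part of the original messages or of the lynx-cur fix: a toy Blum Blum Shub in C that validates its parameters and releases only one bit of hidden state per step. The 16-bit primes, the seed and all function names are assumptions chosen for illustration; real use needs large secret primes.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy Blum Blum Shub state; 16-bit primes keep x*x inside 64 bits. */
typedef struct { uint64_t m, x; } bbs_t;

static int is_prime(uint32_t n) {
    if (n < 2) return 0;
    for (uint32_t d = 2; d * d <= n; d++)
        if (n % d == 0) return 0;
    return 1;
}

static uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Returns 0 on success, -1 when the parameters break the BBS requirements. */
int bbs_init(bbs_t *g, uint16_t p, uint16_t q, uint64_t seed) {
    if (p == q || !is_prime(p) || !is_prime(q)) return -1;
    if (p % 4 != 3 || q % 4 != 3) return -1;   /* need p, q = 3 (mod 4) */
    g->m = (uint64_t)p * q;
    g->x = seed % g->m;
    /* Reject 0, 1 and any seed sharing a factor with M. */
    if (g->x < 2 || gcd_u64(g->x, g->m) != 1) return -1;
    return 0;
}

/* Square the hidden state mod M and release only its lowest bit. */
unsigned bbs_next_bit(bbs_t *g) {
    g->x = (g->x * g->x) % g->m;
    return (unsigned)(g->x & 1u);
}

/* Collect n (<= 32) output bits, first bit in the most significant position. */
uint32_t bbs_bits(bbs_t *g, unsigned n) {
    uint32_t out = 0;
    while (n--) out = (out << 1) | bbs_next_bit(g);
    return out;
}

int main(void) {
    bbs_t g;
    if (bbs_init(&g, 11, 23, 3) != 0) return 1;   /* constructed toy parameters */
    printf("first 6 bits: %u\n", (unsigned)bbs_bits(&g, 6));
    return 0;
}
```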
--- Begin Message ---
Source: lynx-cur
Source-Version: 2.8.7rel.1-1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:

lynx-cur-wrapper_2.8.7rel.1-1_all.deb
  to pool/main/l/lynx-cur/lynx-cur-wrapper_2.8.7rel.1-1_all.deb
lynx-cur_2.8.7rel.1-1.diff.gz
  to pool/main/l/lynx-cur/lynx-cur_2.8.7rel.1-1.diff.gz
lynx-cur_2.8.7rel.1-1.dsc
  to pool/main/l/lynx-cur/lynx-cur_2.8.7rel.1-1.dsc
lynx-cur_2.8.7rel.1-1_i386.deb
  to pool/main/l/lynx-cur/lynx-cur_2.8.7rel.1-1_i386.deb
lynx-cur_2.8.7rel.1.orig.tar.gz
  to pool/main/l/lynx-cur/lynx-cur_2.8.7rel.1.orig.tar.gz
lynx_2.8.7rel.1-1_all.deb
  to pool/main/l/lynx-cur/lynx_2.8.7rel.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <[email protected]> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed,  8 Jul 2009 21:08:12 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all i386
Version: 2.8.7rel.1-1
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <[email protected]>
Changed-By: Atsuhito KOHDA <[email protected]>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 532520
Changes: 
 lynx-cur (2.8.7rel.1-1) unstable; urgency=low
 .
   * New Upstream Release.
   * Linked against libbsd to fix a security problem.  (Closes: #532520)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpWyeYACgkQ1IXdL1v6kOyQUwCdH1yLmN3mFRaGeafsVu2pyNKG
B28An2tgEkYxW/BaiHeT+hcuxs4t6Ruk
=dJI+
-----END PGP SIGNATURE-----



--- End Message ---
