Re: about python-oauth2: CVE-2013-4347

Paul Wise Tue, 08 Oct 2013 16:43:03 -0700

On Wed, Oct 9, 2013 at 5:46 AM, Philippe Makowski wrote:

> do you think that for fixing that, using
>
> return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for
> i in xrange(length))
...
> would be an acceptable fix ?


No, from the announcement of this issue on oss-sec:

... the Python 'random' documentation clearly states the results are
repeatable ...

http://www.openwall.com/lists/oss-security/2013/09/12/5

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6fsygkcqy56grukxwcbrkxbt2m5f9apawu0c+d-jok...@mail.gmail.com

Re: about python-oauth2: CVE-2013-4347

Reply via email to