* Florian Weimer <[EMAIL PROTECTED]> [2008-05-13 14:06 +0200]:
> Luciano Bello discovered that the random number generator in Debian's
> openssl package is predictable. This is caused by an incorrect
> Debian-specific change to the openssl package (CVE-2008-0166). As a
> result, cryptographic key material may be guessable.

The diffs

http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c

and

http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c

(I got them from http://www.links.org/?p=327) suggest that only half of the problem was fixed. Is this correct?

Nicolas

