[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2015-09-07 Thread Bug Watch Updater
** Changed in: kdeplasma-addons (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdeplasma-addons in Ubuntu. https://bugs.launchpad.net/bugs/1179380 Title: paste widget "password" generator uses (

[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2014-12-04 Thread Rolf Leggewie
raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix". ** Changed in: kdeplasma-addons (Ubuntu Raring) Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Kubuntu Bug

[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2013-08-16 Thread Marc Deslauriers
This issue has been rated "low" by the security team, so a fix for this issue will be bundled in the next security update that contains a "medium" or higher. Unsubscribing sponsors for now. -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kde

[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2013-07-22 Thread mik
Last thing I heard was on oss-sec list: Please use CVE-2013-2213 for KDE KRandom::random() CWE-334: Small Space of Random Values. So I guess patching KRandom to use qca::random (either using TLS or a lock) would be the easy fix that would let people sleep at night. ** CVE added: http://www.cve.m

Re: [Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2013-06-15 Thread Scott Kitterman
Check and make sure there wasn't another change after that. -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdeplasma-addons in Ubuntu. https://bugs.launchpad.net/bugs/1179380 Title: paste widget "password" generator uses (very) insecure r

[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2013-06-14 Thread mik
Yeah, that commit's wrong, unless they're assuming KRandom is a secure PRNG, in which case we should assign another CVE and I'll write a patch for that. -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdeplasma-addons in Ubuntu. https://bugs.

[Bug 1179380] Re: paste widget "password" generator uses (very) insecure randomness

2013-06-03 Thread Jonathan Riddell
now fixed upstream as bug 36a1fe49cb70f717c4a6e92c9186503a8dce -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdeplasma-addons in Ubuntu. https://bugs.launchpad.net/bugs/1179380 Title: paste widget "password" generator uses (very) ins