Le samedi 06 février 2010 à 08:52 +0100, Julien Valroff a écrit :
Le samedi 06 février 2010 à 01:25 -0600, Raphael Geissert a écrit :
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Fix CVE-2009-1629: weak session id generation
Use a cookie with a strong random name and a
Hi Raphael,
Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit :
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
I'll work on this today. Thanks a lot for your work!
Should I upload a version with
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit :
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
I'll
Le samedi 06 février 2010 à 01:25 -0600, Raphael Geissert a écrit :
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a écrit :
Hi,
I plan to release a DSA fixing this issue with the
* Raphael Geissert:
Cc'ing the stable security team as I would some input from them. As
mentioned by Florian on IRC there's a bug on some browsers that
could let other websites predict the sequence of Math.random(). On
unstable the cryptojs library from stanford could be packaged and
used
2009/10/10 Florian Weimer f...@deneb.enyo.de:
* Raphael Geissert:
Cc'ing the stable security team as I would some input from them. As
mentioned by Florian on IRC there's a bug on some browsers that
could let other websites predict the sequence of Math.random(). On
unstable the cryptojs
tag 528938 patch
thanks
Hi,
Taking a look at this long standing security and RC bug, attached is my
proposed patch for the sid issue.
A 255^255 session id should be good enough.
Cc'ing the stable security team as I would some input from them.
As mentioned by Florian on IRC there's a bug on
Package: ajaxterm
Version: 0.10-4
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for ajaxterm.
CVE-2009-1629[0]:
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with
|
9 matches
Mail list logo