Peter Samuelson wrote:
Right. Now that apr reads /dev/urandom, there doesn't seem to still be
a need for this patch. I suppose I'll remove it in the next upload.
Yay. :) Thanks for your attention to detail.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
Hi again,
Jonathan Nieder wrote:
In its implementation of CRAM-MD5 authentication, svnserve uses
a challenge of
nonce . time @ hostname
After the fix to bug#285708, the nonce is not actually random, but is
just the current time a few moments before the later time component
is
Another detail I missed before: nowadays apr_generate_random_bytes()
reads from urandom, not /dev/random, so this would not cause
bug#285708 to come back.
Right. Now that apr reads /dev/urandom, there doesn't seem to still be
a need for this patch. I suppose I'll remove it in the next
Package: subversion
Version: 1.6.17dfsg-2
Severity: important
Tags: security patch
Hi,
In its implementation of CRAM-MD5 authentication, svnserve uses
a challenge of
nonce . time @ hostname
After the fix to bug#285708, the nonce is not actually random, but is
just the current time a
4 matches
Mail list logo