On Saturday 06 February 2010 at 08:52 +0100, Julien Valroff wrote:
On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote:
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Fix CVE-2009-1629: weak session id generation
Use a cookie with a strong random name and a
Hi Raphael,
On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote:
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
I'll work on this today. Thanks a lot for your work!
Should I upload a version with
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote:
Hi,
I plan to release a DSA fixing this issue with the attached patch.
Please upload a new version to sid containing the fix.
I'll
On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote:
Hi Julien,
On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote:
Hi Raphael,
On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote:
Hi,
I plan to release a DSA fixing this issue with the
* Raphael Geissert:
Cc'ing the stable security team as I would like some input from them. As
mentioned by Florian on IRC there's a bug on some browsers that
could let other websites predict the sequence of Math.random(). On
unstable the cryptojs library from Stanford could be packaged and
used
2009/10/10 Florian Weimer f...@deneb.enyo.de:
* Raphael Geissert:
Cc'ing the stable security team as I would like some input from them. As
mentioned by Florian on IRC there's a bug on some browsers that
could let other websites predict the sequence of Math.random(). On
unstable the cryptojs
Processing commands for cont...@bugs.debian.org:
tag 528938 patch
Bug #528938 [ajaxterm] CVE-2009-1629: generates session IDs with predictable
random numbers
Added tag(s) patch.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
tag 528938 patch
thanks
Hi,
Taking a look at this long standing security and RC bug, attached is my
proposed patch for the sid issue.
A 255^255 session id should be good enough.
Cc'ing the stable security team as I would like some input from them.
As mentioned by Florian on IRC there's a bug on
Package: ajaxterm
Version: 0.10-4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ajaxterm.
CVE-2009-1629[0]:
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with
|