Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-06 Thread Julien Valroff
On Saturday 06 February 2010 at 08:52 +0100, Julien Valroff wrote: On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote: Hi Julien, On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote: Hi Raphael, Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Raphael Geissert
Hi, I plan to release a DSA fixing this issue with the attached patch. Please upload a new version to sid containing the fix. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net Fix CVE-2009-1629: weak session id generation Use a cookie with a strong random name and a

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Julien Valroff
Hi Raphael, On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: Hi, I plan to release a DSA fixing this issue with the attached patch. Please upload a new version to sid containing the fix. I'll work on this today. Thanks a lot for your work! Should I upload a version with

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Raphael Geissert
Hi Julien, On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote: Hi Raphael, On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: Hi, I plan to release a DSA fixing this issue with the attached patch. Please upload a new version to sid containing the fix. I'll

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Julien Valroff
On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote: Hi Julien, On 6 February 2010 01:19, Julien Valroff jul...@kirya.net wrote: Hi Raphael, On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: Hi, I plan to release a DSA fixing this issue with the

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-10 Thread Florian Weimer
* Raphael Geissert: Cc'ing the stable security team as I would like some input from them. As mentioned by Florian on IRC there's a bug on some browsers that could let other websites predict the sequence of Math.random(). On unstable the cryptojs library from Stanford could be packaged and used

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-10 Thread Raphael Geissert
2009/10/10 Florian Weimer f...@deneb.enyo.de: * Raphael Geissert: Cc'ing the stable security team as I would like some input from them. As mentioned by Florian on IRC there's a bug on some browsers that could let other websites predict the sequence of Math.random(). On unstable the cryptojs

Processed: Re: Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: tag 528938 patch Bug #528938 [ajaxterm] CVE-2009-1629: generates session IDs with predictable random numbers Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-09 Thread Raphael Geissert
tag 528938 patch thanks Hi, Taking a look at this long-standing security and RC bug, attached is my proposed patch for the sid issue. A 255^255 session id should be good enough. Cc'ing the stable security team as I would like some input from them. As mentioned by Florian on IRC there's a bug on

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-05-16 Thread Giuseppe Iuculano
Package: ajaxterm Version: 0.10-4 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ajaxterm. CVE-2009-1629[0]: | ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with |