List: oss-security
Subject: Re: [oss-security] KDE Paste Applet
From: Michael Samuel <mik () miknet ! net>
Date: 2013-06-13 0:02:38
Message-ID: CACYkhxjGw6DC1+OBMcTid6S2dAFe5JuZC2LQ-+_XGYERRVU2eg () mail ! gmail ! com
Ok, so the fix for this uses KRandom::random()...
I suggest leaving the KDE Paste fix as-is and replacing KRandom with
something that just fills an integer from /dev/urandom - then we can save a
few CVE numbers for the rest of the year.
qrand() should probably also do the same, especially since cnonces for HTTP
auth are using it - that means there's only 2^32 (at best) possible
cnonces...
Regards,
Michael
On 31 May 2013 22:43, Jeff Mitchell <mitchell@kde.org> wrote:
> Michael Samuel wrote:
>
> > Is anyone from KDE working on fixing this? I wrote a quick patch and
> > was hoping somebody from the KDE team could vet and incorporate it.
> >
>
> Actually sending the patch to the thread you started at security@kde.org would
> probably help grease wheels...
> --Jeff
>
>
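
Added example, not part of the original message and not KDE or Qt code: one way to "fill an integer from /dev/urandom" as suggested above, next to a seeded-PRNG value for contrast. The function names and the 128-bit nonce length are assumptions made for illustration, and a POSIX system providing /dev/urandom and rand_r() is assumed.

```cpp
// Added illustration; all function names here are hypothetical.
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <fcntl.h>
#include <unistd.h>

// Fill buf with len bytes from the kernel CSPRNG; false on any failure.
bool fill_from_urandom(void *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return false;
    unsigned char *p = static_cast<unsigned char *>(buf);
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0 && errno == EINTR) continue;     // interrupted: retry
        if (n <= 0) { close(fd); return false; }   // error or unexpected EOF
        got += static_cast<size_t>(n);
    }
    close(fd);
    return true;
}

// Integer helper backed by /dev/urandom; callers must check the result
// and must not fall back to a seeded generator on failure.
bool random_u32(uint32_t *out) { return fill_from_urandom(out, sizeof *out); }

// Contrast case: a value from a PRNG with a 32-bit seed is a pure function
// of that seed, so at most 2^32 distinct outputs exist.
uint32_t seeded_value(unsigned int seed) {
    return static_cast<uint32_t>(rand_r(&seed));
}

// Nonce built from 16 kernel-random bytes, hex-encoded (32 chars + NUL).
// The 16-byte length is an assumption, not taken from the message.
bool make_nonce_hex(char out[33]) {
    unsigned char raw[16];
    if (!fill_from_urandom(raw, sizeof raw)) return false;
    for (size_t i = 0; i < sizeof raw; ++i)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return true;
}

int main() {
    char nonce[33];
    if (!make_nonce_hex(nonce)) { perror("urandom"); return 1; }
    printf("same seed twice: %u %u\n", seeded_value(1234), seeded_value(1234));
    printf("urandom nonce:   %s\n", nonce);
    return 0;
}
```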