Jakub Wilk [2013-10-09 08:40]:
> Yeah, the oss-sec mail is about using a RNG that is not suitable for
> cryptographic purposes. This can be easily fixed by using
> "random.SystemRandom" (which uses /dev/urandom) instead of the "random"
> module directly (which has a Mersenne Twister under the hood).

Yes, like that I think:
https://github.com/pmakowski/python-oauth2/commit/d7f5cb079c9517703778bac08c7ed5591ad4487d
but it leaves the other CVE-2013-4346, about _check_signature() ignoring the nonce value when validating signed URLs.

Any idea?
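
An added example, not code from this thread or from python-oauth2: a nonce drawn from random.SystemRandom as suggested in the quoted text, next to a server-side check that rejects a repeated nonce, which is the kind of validation the CVE-2013-4346 question is about. The names make_nonce, NonceStore and check_and_store, the 300-second window and the in-memory dict are assumptions made for illustration.

```python
import random
import time

# SystemRandom reads from the OS CSPRNG (os.urandom) rather than the
# Mersenne Twister state used by the module-level random functions.
_sysrand = random.SystemRandom()


def make_nonce(length=8):
    """Return a decimal nonce string of the given length (hypothetical helper)."""
    return "".join(str(_sysrand.randrange(10)) for _ in range(length))


class NonceStore:
    """Hypothetical replay guard keyed on (consumer key, nonce).

    An entry is kept for as long as its timestamp would still pass the
    freshness check, so a replay inside the window is always detected.
    """

    def __init__(self, window=300):
        self.window = window   # accepted clock skew / request age, in seconds
        self._seen = {}        # (consumer_key, nonce) -> request timestamp

    def check_and_store(self, consumer_key, nonce, timestamp, now=None):
        now = time.time() if now is None else now
        # Drop entries whose timestamp has aged out of the window.
        self._seen = {k: ts for k, ts in self._seen.items()
                      if now - ts <= self.window}
        # Reject a missing nonce or a timestamp outside the window.
        if not nonce or abs(now - timestamp) > self.window:
            return False
        key = (consumer_key, nonce)
        if key in self._seen:
            return False       # same nonce seen again: treat as a replay
        self._seen[key] = timestamp
        return True


if __name__ == "__main__":
    store = NonceStore()
    nonce, ts = make_nonce(), time.time()
    print("first use accepted:", store.check_and_store("consumer-a", nonce, ts))
    print("replay accepted:   ", store.check_and_store("consumer-a", nonce, ts))
```

A real deployment would keep the seen-nonce set in storage shared by all server processes and run this check together with signature verification.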