Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-06 Thread Julien Valroff
On Saturday 06 February 2010 at 08:52 +0100, Julien Valroff wrote: > On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote: > > Hi Julien, > > > > On 6 February 2010 01:19, Julien Valroff wrote: > > > Hi Raphael, > > > > > > Le samedi 06 février 2010 à 01:04 -0600, Raphael Geissert a

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Julien Valroff
On Saturday 06 February 2010 at 01:25 -0600, Raphael Geissert wrote: > Hi Julien, > > On 6 February 2010 01:19, Julien Valroff wrote: > > Hi Raphael, > > > > On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: > >> Hi, > >> > >> I plan to release a DSA fixing this issue with the at

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Raphael Geissert
Hi Julien, On 6 February 2010 01:19, Julien Valroff wrote: > Hi Raphael, > > On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: >> Hi, >> >> I plan to release a DSA fixing this issue with the attached patch. >> Please upload a new version to sid containing the fix. > > I'll work

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Julien Valroff
Hi Raphael, On Saturday 06 February 2010 at 01:04 -0600, Raphael Geissert wrote: > Hi, > > I plan to release a DSA fixing this issue with the attached patch. > Please upload a new version to sid containing the fix. I'll work on this today. Thanks a lot for your work! Should I upload a version wi

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2010-02-05 Thread Raphael Geissert
Hi, I plan to release a DSA fixing this issue with the attached patch. Please upload a new version to sid containing the fix. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net Fix CVE-2009-1629: weak session id generation Use a cookie with a strong random name and a

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-10 Thread Raphael Geissert
2009/10/10 Florian Weimer : > * Raphael Geissert: > >> Cc'ing the stable security team as I would like some input from them.  As >> mentioned by Florian on IRC there's a bug on some browsers that >> could let other websites predict the sequence of Math.random(). On >> unstable the cryptojs library from

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-10 Thread Florian Weimer
* Raphael Geissert: > Cc'ing the stable security team as I would like some input from them. As > mentioned by Florian on IRC there's a bug on some browsers that > could let other websites predict the sequence of Math.random(). On > unstable the cryptojs library from Stanford could be packaged and > us

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-09 Thread Raphael Geissert
tag 528938 patch thanks Hi, Taking a look at this long-standing security and RC bug, attached is my proposed patch for the sid issue. A 255^255 session id should be good enough. Cc'ing the stable security team as I would like some input from them. As mentioned by Florian on IRC there's a bug on som

Processed: Re: Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-10-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 528938 patch Bug #528938 [ajaxterm] CVE-2009-1629: generates session IDs with predictable random numbers Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrat

Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers

2009-05-16 Thread Giuseppe Iuculano
Package: ajaxterm Version: 0.10-4 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ajaxterm. CVE-2009-1629[0]: | ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with | pre