Re: about python-oauth2: CVE-2013-4347

2013-10-08 Thread Jakub Wilk
[Disclaimer: I don't know anything about OAuth, or python-oauth2.]

* Paul Wise, 2013-10-09, 07:41:
On Wed, Oct 9, 2013 at 5:46 AM, Philippe Makowski wrote:
do you think that for fixing that, using

return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for i in xrange(length))

Re: about python-oauth2: CVE-2013-4347

2013-10-08 Thread Philippe Makowski
On 9 Oct 2013 01:42, "Paul Wise" wrote:
>
> On Wed, Oct 9, 2013 at 5:46 AM, Philippe Makowski wrote:
>
> > do you think that for fixing that, using
> >
> > return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for
> > i in xrange(length))
> ...
> > would be an acceptable fix ?
>

Re: about python-oauth2: CVE-2013-4347

2013-10-08 Thread Paul Wise
On Wed, Oct 9, 2013 at 5:46 AM, Philippe Makowski wrote:
> do you think that for fixing that, using
>
> return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for
> i in xrange(length))
...
> would be an acceptable fix ?

No, from the announcement of this issue on oss-sec: ... the Py

about python-oauth2: CVE-2013-4347

2013-10-08 Thread Philippe Makowski
Hi,

do you think that for fixing that, using

return ''.join(random.choice('abcdefghijklmnopqrstuvwxyz123456789') for i in xrange(length))

instead of the actual

return ''.join([str(random.randint(0, 9)) for i in range(length)])

would be an acceptable fix ?

Re: Python-babel 1.3 available from Sid

2013-10-08 Thread Sebastian Ramacher
On 2013-10-08 12:52:35, Thomas Goirand wrote:
> On 10/08/2013 03:34 AM, Sebastian Ramacher wrote:
> > Hi
> >
> > On 2013-10-08 00:50:27, Thomas Goirand wrote:
> >> Hi,
> >>
> >> FYI, I have uploaded python-babel 1.3 in Sid. I couldn't wait for more,
> >> so I did the work...
> >>
> >> I haven't pu

Re: Python-babel 1.3 available from Sid

2013-10-08 Thread Sebastian Ramacher
On 2013-10-08 09:13:54, Vincent Bernat wrote:
> ❦ 8 October 2013 07:18 CEST, Andrey Rahmatullin:
>
> >> Though probably writing in this bug would
> >> have been more efficient than writing in the topic of the IRC channel?
>
> > Yes, that's my only mistake.
> > Though of course it's a fundamen

Re: Python-babel 1.3 available from Sid

2013-10-08 Thread Vincent Bernat
❦ 8 October 2013 07:18 CEST, Andrey Rahmatullin:

>> Though probably writing in this bug would
>> have been more efficient than writing in the topic of the IRC channel?

> Yes, that's my only mistake.
> Though of course it's a fundamental problem with non-DD packages: I've
> made a package I fi