[Pkg-php-commits] [php/debian-etch] fix for CVE-2008-2107/CVE-2008-2108: crypto weaknesses in php_rand module

Sean Finney seanius at debian.org
Tue Apr 28 18:00:42 UTC 2009


this patch was imported from the dapper 5.1.2-1ubuntu3.12 security update.
---
 debian/patches/212-CVE-2008-2107+2108.patch |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/212-CVE-2008-2107+2108.patch

diff --git a/debian/patches/212-CVE-2008-2107+2108.patch b/debian/patches/212-CVE-2008-2107+2108.patch
new file mode 100644
index 0000000..f715bd6
--- /dev/null
+++ b/debian/patches/212-CVE-2008-2107+2108.patch
@@ -0,0 +1,12 @@
+diff -Naur php5-5.1.2.orig/ext/standard/php_rand.h php5-5.1.2/ext/standard/php_rand.h
+--- php5-5.1.2.orig/ext/standard/php_rand.h	2006-01-01 07:50:15.000000000 -0500
++++ php5-5.1.2/ext/standard/php_rand.h	2008-07-16 16:43:51.000000000 -0400
+@@ -49,7 +49,7 @@
+ #ifdef PHP_WIN32
+ #define GENERATE_SEED() ((long) (time(0) * GetCurrentProcessId() * 1000000 * php_combined_lcg(TSRMLS_C)))
+ #else
+-#define GENERATE_SEED() ((long) (time(0) * getpid() * 1000000 * php_combined_lcg(TSRMLS_C)))
++#define GENERATE_SEED() (((long) (time(0) * getpid())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))
+ #endif
+ 
+ PHPAPI void php_srand(long seed TSRMLS_DC);
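
Review bot: The PHP_WIN32 definition of GENERATE_SEED() appears only as unchanged context in this hunk and keeps the old product form, `time(0) * GetCurrentProcessId() * 1000000 * php_combined_lcg(TSRMLS_C)`, so only the getpid() definition gets the XOR-combined seed. If the multiplication is what the fix addresses, the Windows definition should take the same shape, `((long) (time(0) * GetCurrentProcessId())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C)))`, or the patch should state why that branch is left alone. The new patch file also starts directly at the `diff -Naur` line with no description header; a short header naming the two CVE ids and the origin of the change would make the file self-explanatory inside debian/patches.
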
-- 
1.5.6.5



