[Secure-testing-team] Lenny security bug sprint
Raphael Geissert
atomo64+debian at gmail.com
Mon Nov 17 21:17:12 UTC 2008
Moritz Muehlenhoff wrote:
>
> php5 / CVE-2008-4107
> php-suhosin provides proper randomisation, but this needs more visible
> documentation. Maybe the release notes or the existing
> README.Debian.security?
Well, since the mt_/rand functions are nowhere documented as strong for
cryptographic pourposes I don't consider it a bug, but a missing enhancement.
Not to mention that most of its side effects were made worst because of the poor
seeding of the PRNG via mt_/srand.
> smarty CVE-2008-4810 / CVE-2008-4811
> I'm not sure about the exact status.
>
-4810 is about the original bug, -4811 is about the incomplete fix for all the
attack vectors. Haven't heard from upstream about -4811
>
> wordpress (504771)
> No patch yet.
The maintainer prepared a new version, which is waiting for somebody to sponsor
it, adding yet another cookies-checking routine which denies the user to browse
anything until some dangerous cookies are deleted.
PS. I just found a XSS vuln in phpCAS which is embedded in a couple of packages
and is now an ITP. Does anyone know about a phpCAS installation where I could
test my findings as to provide more precise information?
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
More information about the Secure-testing-team
mailing list