[Secure-testing-team] Lenny security bug sprint
Moritz Muehlenhoff
jmm at inutil.org
Mon Nov 17 23:38:10 UTC 2008
On Mon, Nov 17, 2008 at 03:17:12PM -0600, Raphael Geissert wrote:
> Moritz Muehlenhoff wrote:
> >
> > php5 / CVE-2008-4107
> > php-suhosin provides proper randomisation, but this needs more visible
> > documentation. Maybe the release notes or the existing
> > README.Debian.security?
>
> Well, since the mt_/rand functions are nowhere documented as strong for
> cryptographic purposes I don't consider it a bug, but a missing enhancement.
Please update the Security Tracker entry, then.
Cheers,
Moritz