[Secure-testing-commits] r10408 - data/CVE

atomo64-guest at alioth.debian.org
Tue Nov 18 02:05:41 UTC 2008


Author: atomo64-guest
Date: 2008-11-18 02:05:40 +0000 (Tue, 18 Nov 2008)
New Revision: 10408

Modified:
   data/CVE/list
Log:
The mt_/rand issues in PHP are unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-17 23:34:38 UTC (rev 10407)
+++ data/CVE/list	2008-11-18 02:05:40 UTC (rev 10408)
@@ -2203,7 +2203,9 @@
 CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
-	- php5 <unfixed> (bug #500087)
+	- php5 <unfixed> (unimportant; bug #500087)
+	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
+	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
 CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
 	- wordpress 2.5.1-8 (bug #500115)
 CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
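
Review bot: the second NOTE added under CVE-2008-4107 is a bare URL, so a reader of data/CVE/list cannot tell what it is meant to support without following it. Consider merging the two notes or giving the link a short label, e.g. "NOTE: Mersenne Twister FAQ on cryptographic use: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html", so the rationale for the "unimportant" tag is readable in place. The first NOTE also explains only that rand() and mt_rand() were never said to be cryptographically strong. Since the entry stays `<unfixed>` and still references bug #500087, it would help to state that the weakness is by design and that no change to the php5 package is expected, which is what "unimportant" is being used to express here.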



