[pkg-php-pear] Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3
taffit at debian.org
Sat Feb 20 14:59:54 UTC 2016
On 20/02/2016 10:25, Julien Cristau wrote:
> Control: tags -1 moreinfo
>> symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium
>> [ Daniel Beyer ]
>> * Backport a security fix from 2.3.37
>> - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902]
> Why have a fallback at all? When would openssl be expected to fail?
Since php5 in Debian is built with openssl, my understanding is it would
only be used on environments where it has been rebuilt with OpenSSL
support turned off (I’m not sure one can deactivate it at run time, so
openssl_random_pseudo_bytes() should always be available in a default
Debian setup if I understood correctly).
Daniel, can you confirm or provide more information about Julien’s question?