oss-sec mailing list archives
Re: KDE Paste Applet
From: Michael Samuel <mik () miknet net>
Date: Thu, 13 Jun 2013 10:02:38 +1000
Ok, so the fix for this uses KRandom::random()...

I suggest leaving the KDE Paste fix as-is and replacing KRandom with something that just fills an integer from /dev/urandom - then we can save a few CVE numbers for the rest of the year.

qrand() should probably also do the same, especially since cnonces for HTTP auth are using it - that means there's only 2^32 (at best) possible cnonces...

Regards,
Michael

On 31 May 2013 22:43, Jeff Mitchell <mitchell () kde org> wrote:
> Michael Samuel wrote:
>> Is anyone from KDE working on fixing this? I wrote a quick patch and was hoping somebody from the KDE team could vet and incorporate it.
>
> Actually sending the patch to the thread you started at security@kde.org would probably help grease wheels...
>
> --Jeff
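The replacement suggested in the message above (fill an integer from /dev/urandom instead of a seeded PRNG), as an added example that is not part of the original post and is not KDE or Qt code. The function names `urandom_fill`, `urandom_u32` and `make_cnonce` are hypothetical, and the 128-bit cnonce width is an assumption chosen to exceed the 2^32 space mentioned in the message.

```cpp
// Added example; all names here are hypothetical, not KDE/Qt API.
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Fill buf with len bytes from /dev/urandom. Returns false on any failure,
// so callers never fall back silently to a predictable value.
bool urandom_fill(void *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return false;
    unsigned char *p = static_cast<unsigned char *>(buf);
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n > 0) { got += static_cast<size_t>(n); continue; }  // short read: keep going
        if (n < 0 && errno == EINTR) continue;                   // interrupted: retry
        break;                                                   // EOF or hard error
    }
    close(fd);
    return got == len;
}

// The "integer filled from /dev/urandom" replacement for a PRNG call.
bool urandom_u32(uint32_t *out) { return urandom_fill(out, sizeof *out); }

// Assumed 128-bit cnonce, hex encoded (32 chars); empty string on failure.
std::string make_cnonce() {
    unsigned char raw[16];
    if (!urandom_fill(raw, sizeof raw)) return std::string();
    static const char hex[] = "0123456789abcdef";
    std::string s;
    s.reserve(2 * sizeof raw);
    for (unsigned char b : raw) {
        s.push_back(hex[b >> 4]);
        s.push_back(hex[b & 0x0f]);
    }
    return s;
}

int main() {
    uint32_t v = 0;
    if (!urandom_u32(&v)) return 1;
    std::printf("u32=%08x cnonce=%s\n", static_cast<unsigned>(v), make_cnonce().c_str());
    return 0;
}
```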