atomo64-guest at alioth.debian.org
2008-Nov-18 02:05 UTC
[Secure-testing-commits] r10408 - data/CVE
Author: atomo64-guest Date: 2008-11-18 02:05:40 +0000 (Tue, 18 Nov 2008) New Revision: 10408 Modified: data/CVE/list Log: The mt_/rand issues in PHP are unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-17 23:34:38 UTC (rev 10407) +++ data/CVE/list 2008-11-18 02:05:40 UTC (rev 10408) @@ -2203,7 +2203,9 @@ CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...) NOT-FOR-US: Microsoft CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...) - - php5 <unfixed> (bug #500087) + - php5 <unfixed> (unimportant; bug #500087) + NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong + NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) - wordpress 2.5.1-8 (bug #500115) CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)