Unsafe use of g_random_int()

Michael McConville mmcco at mykolab.com
Wed Oct 21 10:54:51 EDT 2015

Ethan Blanton wrote:
> > Early November looks good to me.
> > 
> > What is needed to be done? Merge Michael's code from the rand repo
> > and ask for the CVE?
> For this particular bug, yeah.  Michael, is that entirely correct?

Yeah. To clarify: I understand that this is a minor security issue and
that a CVE isn't clearly necessary. If it's going to be more hassle than
it's worth, we can skip it.

I've looked over my randomness API a handful of times, tested it, and it
seems good to go. Another pair of eyeballs or three would be
appreciated, though.

More information about the security mailing list