Unsafe use of g_random_int()
Michael McConville
mmcco at mykolab.com
Wed Oct 21 10:54:51 EDT 2015
Ethan Blanton wrote:
> > Early November looks good to me.
> >
> > What is needed to be done? Merge Michael's code from the rand repo
> > and ask for the CVE?
>
> For this particular bug, yeah. Michael, is that entirely correct?
Yeah. To clarify: I understand that this is a minor security issue and
that a CVE isn't clearly necessary. If it's going to be more hassle than
it's worth, we can skip it.
I've looked over my randomness API a handful of times, tested it, and it
seems good to go. Another pair of eyeballs or three would be
appreciated, though.
More information about the security
mailing list