Package: libapache-session-perl
Version: 1.93-3
Severity: important
Tags: security

Hi,

As discussed in oss-security[1], libapache-session-perl uses a poor source of entropy in Apache::Session::Generate::MD5.
The critical part is moving away from rand (e.g. to using urandom), but it would also be a good time to update the way the id is generated.
The details are in the oss-sec thread.

[1] https://www.openwall.com/lists/oss-security/2019/06/15/1

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org
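
The change the report asks for, sketched as an added example (not code from the report or from Apache::Session): a rand()-derived ID beside one drawn from /dev/urandom. The function names, the seed value and the 16-byte ID size are assumptions chosen for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern (constructed illustration, not the module's source): rand() is
# a non-cryptographic PRNG, and hashing its output adds no entropy.
sub weak_session_id {
    my ($length) = @_;
    return substr(md5_hex(rand()), 0, $length);
}

# Hardened form: take the ID bytes directly from the kernel CSPRNG.
sub urandom_session_id {
    my ($nbytes) = @_;
    $nbytes ||= 16;    # 128 bits by default
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        # Append at the current offset so a short read is retried, not accepted.
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom\n" if $got == 0;
    }
    close($fh);
    return unpack('H*', $buf);    # lowercase hex, 2 characters per byte
}

# Accept only IDs of the exact expected shape before using them as a lookup key.
sub is_valid_session_id {
    my ($id, $nbytes) = @_;
    my $hexlen = 2 * $nbytes;
    return (defined $id && $id =~ /\A[0-9a-f]{$hexlen}\z/) ? 1 : 0;
}

# Same PRNG seed, same "random" ID: the ID is only as unpredictable as the seed.
srand(12345);
my $first = weak_session_id(32);
srand(12345);
my $second = weak_session_id(32);
print "weak IDs repeat for a repeated seed: ", ($first eq $second ? "yes" : "no"), "\n";

my $id = urandom_session_id(16);
print "urandom ID: $id (valid: ", is_valid_session_id($id, 16), ")\n";
```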