Thank you all for your replies! @Moritz, could you please create an issue with a the possible proposal, how it should look like?
Best regards Anton Am Fr., 23. Juni 2023 um 20:49 Uhr schrieb Ola Lundqvist <o...@inguza.com>: > > Hi Anton, all > > Well even if there are some systems affected I must say that if > someone have removed urandom the behavior described is expected. I > mean /dev/urandom is there for a reason. And yes there are better > functions than rand() but I can hardly see this as a vulnerability. Or > well it is, but it is the kind of vulnerability when you remove the > device that provide randomness in the system. > > I would have marked them as "minor issue". > > Cheers > > // Ola > > > On Fri, 23 Jun 2023 at 06:49, Anton Gladky <gl...@debian.org> wrote: > > > > Hi, > > > > two CVEs might be irrelevant for Debian systems. Can they be > > tagged as "unaffected"? Or we have some systems, where > > /dev/urandom is not existing? > > > > Thanks > > > > Anton > > > > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | o...@inguza.com o...@debian.org | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > ---------------------------------------------------------------
