Package: libapache-sessionx-perl
Version: 2.01-5
Severity: important
Tags: security

Hi,

As discussed in oss-security[1], libapache-sessionx-perl uses a poor source of entropy in Apache::Session::Generate::MD5.

The critical part is moving away from rand (e.g. to using urandom), but it would also be a good time to update the way the id is generated. The details are in the oss-sec thread.

[1] https://www.openwall.com/lists/oss-security/2019/06/15/1

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org
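
The change the report asks for, as an added Perl example that is not part of the original report and is not the package's own code: a rand()-derived ID beside one read from /dev/urandom. The function names are hypothetical, the weak variant is a constructed illustration of the pattern rather than a copy of Apache::Session::Generate::MD5, and a Unix-like system with /dev/urandom is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern (constructed): the ID is derived from rand(), the time and
# the PID. Perl's rand() is a seeded, non-cryptographic PRNG, so hashing
# its output adds no entropy; the digest is only as unpredictable as the
# values fed into it.
sub weak_session_id {
    return md5_hex(time() . rand() . $$);
}

# Hardened pattern: take the ID bytes directly from the kernel CSPRNG.
# Assumption: /dev/urandom exists (Linux, *BSD, macOS).
sub urandom_session_id {
    my ($nbytes) = @_;
    $nbytes //= 16;    # 128 bits, hex-encoded to 32 characters

    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        # Append at the current end of $buf until enough bytes are read.
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return unpack('H*', $buf);
}

# Why rand() is the problem: under the same seed its output repeats
# exactly, so the "random" part of the weak ID is a function of the seed.
sub rand_sequence {
    my ($seed, $n) = @_;
    srand($seed);
    return join(',', map { rand() } 1 .. $n);
}

unless (caller) {
    print "weak:    ", weak_session_id(), "\n";
    print "urandom: ", urandom_session_id(), "\n";
    print "rand() repeats under one seed: ",
        (rand_sequence(42, 3) eq rand_sequence(42, 3) ? "yes" : "no"), "\n";
}
```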