c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-22 Thread Anton Gladky
Hi,
two CVEs might be irrelevant for Debian systems. Can they be tagged as "unaffected"? Or do we have some systems where /dev/urandom does not exist?
Thanks
Anton

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Moritz Muehlenhoff
On Fri, Jun 23, 2023 at 06:48:23AM +0200, Anton Gladky wrote:
> Hi,
>
> two CVEs might be irrelevant for Debian systems. Can they be
> tagged as "unaffected"? Or do we have some systems where
> /dev/urandom does not exist?
They are already marked as non-issues: CVE-2023-31124 (c-ares is an asynch

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Ola Lundqvist
Hi Anton, all
Well even if there are some systems affected I must say that if someone has removed urandom the behavior described is expected. I mean /dev/urandom is there for a reason. And yes there are better functions than rand() but I can hardly see this as a vulnerability. Or well it is, but

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Anton Gladky
Thank you all for your replies!
@Moritz, could you please create an issue with a possible proposal for how it should look?
Best regards
Anton
On Fri, 23 June 2023 at 20:49, Ola Lundqvist wrote:
>
> Hi Anton, all
>
> Well even if there are some systems affected I must say that if
>

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-27 Thread Moritz Mühlenhoff
On Fri, Jun 23, 2023 at 09:59:45PM +0200, Anton Gladky wrote:
> Thank you all for your replies!
>
> @Moritz, could you please create an issue with a
> possible proposal for how it should look?
Sure, filed as #1039606
Thanks,
Moritz

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2024-03-18 Thread Emilio Pozuelo Monfort
On 23/06/2023 10:21, Moritz Muehlenhoff wrote:
But in fact the view in the Debian security is a little misleading, given that it displays "vulnerable" all over the place, e.g.
https://security-tracker.debian.org/tracker/CVE-2023-31147
It would be nice if that "unimportant" issues it would instea