On Mon, Nov 17, 2008 at 03:17:12PM -0600, Raphael Geissert wrote:
> Moritz Muehlenhoff wrote:
> >
> > php5 / CVE-2008-4107
> > php-suhosin provides proper randomisation, but this needs more visible
> > documentation. Maybe the release notes or the existing
> > README.Debian.security?
>
> Well, since the mt_/rand functions are nowhere documented as strong for
> cryptographic pourposes I don't consider it a bug, but a missing enhancement.
Please update the Security Tracker entry, then.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
