Thank you for taking the time to report this bug and helping to make Ubuntu better. I apologize for not responding sooner. I can confirm this issue and have given it an initial Importance of 'Low', based on the difficulty of properly timing the attack while also requiring MITM access. This can be re-evaluated if necessary.
Since the package referred to in this bug is in universe, it is community maintained. As such, I have forwarded this information to the upstream author (as found in debian/copyright) and the oss-security mailing list: http://www.openwall.com/lists/oss-security/2011/07/06/8 Once a patch is decided upon, if you are able, I suggest posting a debdiff for this issue. When a debdiff is available, a member of the security team will review it and publish the package. Please see the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures. Thanks again! ** Changed in: reseed (Ubuntu) Importance: Undecided => Low ** Changed in: reseed (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/804594 Title: reseed(8) performs HTTP fetch of data from random.org To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
