Thank you for taking the time to report this bug and helping to make
Ubuntu better. I apologize for not responding sooner. I can confirm this
issue and have given it an initial Importance of 'Low', based on the
difficulty of properly timing the attack while also requiring MITM
access. This can be re-evaluated if necessary.

Since the package referred to in this bug is in universe, it is community 
maintained. As such, I have forwarded this information to the upstream author 
(as found in debian/copyright) and the oss-security mailing list:
http://www.openwall.com/lists/oss-security/2011/07/06/8

Once a patch is decided upon, if you are able, I suggest posting a
debdiff for this issue. When a debdiff is available, a member of the
security team will review it and publish the package. Please see the
following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.

Thanks again!

** Changed in: reseed (Ubuntu)
   Importance: Undecided => Low

** Changed in: reseed (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/804594

Title:
  reseed(8) performs HTTP fetch of data from random.org

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to