Описание
[predictable random number generator used in web browsers]
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| webkit | fixed | 1.2 | package | |
| webkit | no-dsa | lenny | package | |
| kdebase | unfixed | package | ||
| w3m | unfixed | package | ||
| chromium-browser | fixed | 26.0.1410.43-1 | package | |
| chromium-browser | end-of-life | squeeze | package | |
| lynx | fixed | 2.8.7rel.1-1 | package | |
| dillo | not-affected | package |
Примечания
The implementations for UNIX seems fine, might be fixed earlier
w3m doesn't have Javascript support and the boundary issue is harmles
chromium has provides window.crypto.getRandomValues as a strong random number generator
https://code.google.com/p/chromium/issues/detail?id=246054
lynx doesn't have Javascript and form-data support
These issues can be fixed in more recent upstream versions, but the risk
of regression doesn't outweigh the issue at hand