FAQ
Edit report at http://pear.php.net/bugs/bug.php?id=14678&edit=1

ID: 14678
Updated by: daniel.oconnor@gmail.com
Reported By: cweiske at php dot net
Summary: Security issue due to seeding random number generator
-Status: Open
+Status: Closed
Type: Bug
Package: Mail_Mime
Package Version: 1.5.2
PHP Version: Irrelevant
-Assigned To:
+Assigned To: doconnor
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: doconnor
This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on
pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.




Previous Comments:
------------------------------------------------------------------------

[2008-09-21 12:11:24] cweiske

Description:
------------
The package lowers the security of randomly generated numbers by
seeding the random number generator by itself. Please remove the
[mt_]srand() call from the code. Manual seeding is not required since
php 4.2.0, so this is safe.

For more information, read:
http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
http://news.php.net/php.pear.dev/50791
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

------------------------------------------------------------------------

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
categoriesphp
postedJun 8, '09 at 4:57a
activeJun 8, '09 at 4:57a
posts1
users1
websitepear.php.net

1 user in discussion

Daniel Oconnor: 1 post

People

Translate

site design / logo © 2021 Grokbase