Message info
 
To:Gunnar Wolf From:Moritz Mühlenhoff Subject:Bug#647205: cherokee: Admin password generation uses time and PID, allows attackers to brute-force it Date:Sun, 19 Feb 2012 20:59:20 +0100
 

On Wed, Nov 23, 2011 at 12:47:18PM -0600, Gunnar Wolf wrote:
> Moritz Mhlenhoff dijo [Tue, Nov 22, 2011 at 09:47:28PM +0100]:
> > Hi Gunnar,
> > this doesn't warrant a DSA, but it would be appreciated if you
> > fix this through a point update:
> > http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
>
> Uploaded to DELAYED/3, mail sent to d-release.
>
> http://anonscm.debian.org/gitweb/?p=collab-maint/cherokee.git;a=commitdiff;h=3853374270339201e967a7e4197fbbb1435e2d42

Is this fixed in unstable? If so, in which version?

Cheers,
Moritz



--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org