[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages
From: |
Zack Weinberg |
Subject: |
Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator] |
Date: |
Tue, 13 May 2008 23:11:13 -0400 |
On Tue, May 13, 2008 at 9:28 PM, Brian May
<address@hidden> wrote:
> Does this affect monotone keys?
[...]
> Package : openssl
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
Monotone does not use openssl at all, and so cannot be affected by this bug.
I'm not aware of any flaws in our cryptography library (Botan)'s
random number generation, and I trust the library's author to have
gotten this right.
zw