On Thu, September 25, 2008 10:32, Stefan Fritsch wrote: > I have also filed > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500087 > for php5. If that one gets fixed for lenny, phpbb2 would not need to be > changed.
Yes - in any case I believe it would be a good service of phpbb2 to other applications when it stops using the random number directly, but the fundamental security issue is not in phpbb2. I'm not going to argue the bug severity here but will rather patch it :) Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
