Since sid is used as a string, here's a cheap way to increase its complexity by more than 10^7 without increasing its length, simply by adding mixed-case letters (this is what I've done on systems where I use the application and it works fine):
--- /usr/share/ajaxterm/ajaxterm.js 2009-02-17 13:40:43.000000000 +0000
+++ ajaxterm.js 2009-05-17 17:49:30.000000000 +0000
@@ -3,7 +3,17 @@
 var ie=0;
 if(window.ActiveXObject)
 ie=1;
- var sid=""+Math.round(Math.random()*1000000000);
+
+ // mitigate CVE-2009-1629
+ var sid_arr = ( "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" ).split();
+ var sid_inc = 0;
+ var sid_arr_pos = 0;
+ var sid = "";
+ for (sid_inc = 0 ; sid_inc < 10 ; sid_inc++){
+ sid_arr_pos = RandRange( 0, (sid_arr.length - 1), sid_inc );
+ sid += sid_arr[ sid_arr_pos ];
+ }
+
 var query0="s="+sid+"&w="+width+"&h="+height;
 var query1=query0+"&c=1&k=";
 var buf="";
Further complexity can be added by putting additional safe characters in sid_arr or increasing the iteration cap in the for loop (thus extending the length of the string). Hope this helps!
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511); AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org); MUD(fu...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
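Review bot: The session id built on the new `var sid_arr = ( "0123...xyz" ).split();` line is not random at all, because `String.prototype.split()` called with no separator returns a one-element array holding the whole alphabet; `sid_arr.length - 1` is therefore 0, and each of the 10 iterations appends either the entire 62-character string (index 0) or `undefined` (any other index), so every client ends up with the same sid regardless of what RandRange returns. The intended per-character array needs an explicit empty separator: `var sid_arr = ( "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" ).split("");`. RandRange is not defined anywhere in the hunk, and if it is built on `Math.random()` the resulting id is still not unpredictable in the cryptographic sense, so the more robust fix for the CVE named in the comment is a session id issued server-side from a secure random source rather than chosen by the browser. The enclosing function starts and ends outside the hunk.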