Package: libgnucrypto-java Version: 2.1.0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for classpath. libgnucrypto-java embeds classpath, so it is also affected.
CVE-2008-5659[0]: | The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and | earlier uses a predictable seed based on the system time, which makes | it easier for context-dependent attackers to conduct brute force | attacks against cryptographic routines that use this class for | randomness, as demonstrated against DSA private keys. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5659 http://security-tracker.debian.org/tracker/CVE-2008-5659 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
