Hi
Small updates on the assigned CVEs:
On Thu, Oct 17, 2013 at 11:14:23AM +0100, Steven Chamberlain wrote:
> CVE-2013-4443 Secure mode has bias towards numbers and uppercase letters
>
> probably the least serious issue; -n guarantees at least one numeral,
> -c guarantees at least one capital,
Hi,
I don't see that any major refactoring is needed, but rather the default
assumed flags are unsafe, although changing them might be incompatible
with some scripts/applications using pwgen.
CVE-2013-4440 non-tty passwords are trivially weak by default
should ideally stop using -0A by default i
Hi,
On 16 October 2013 22:03, Yves-Alexis Perez wrote:
> I'm not too sure how to handle that, especially for stable releases,
> since it seems major refactoring might be needed to get rid of the
> weaknesses and bias.
I think it's best to write a script that uses makepasswd and is
command-line a
Package: pwgen
Severity: grave
Tags: security
Justification: user security hole
Hi Theodore,
multiple CVEs were just assigned to pwgen, following the analysis by
Solar Designer and other people (see thread at
http://marc.info/?l=oss-security&m=138015793928431&w=2)
CVE-2013-4440 non-tty passwords