Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.0b4

Bug #14677 Security issue due to seeding random number generator
Submitted: 2008-09-21 16:10 UTC
From: cweiske Assigned: wenz
Status: Closed Package: HTTP_Upload (version 0.9.1)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem : 14 + 14 = ?

 [2008-09-21 16:10 UTC] cweiske (Christian Weiske)
Description: ------------ The package lowers the security of randomly generated numbers by seeding the random number generator by itself. Please remove the [mt_]srand() call from the code. Manual seeding is not required since php 4.2.0, so this is safe. For more information, read:


 [2008-10-01 11:52 UTC] wenz (Christian Wenz)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Thanks, fixed. The srand() security implications are not as grave in this package as they are in other contexts, though.