Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.1.2
Bug #14681 Security issue due to seeding random number generator
Submitted: 2008-09-21 16:12 UTC
From: cweiske Assigned: cweiske
Status: Closed Package: XML_Transformer (version 1.1.0)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 40 - 18 = ?

 
 [2008-09-21 16:12 UTC] cweiske (Christian Weiske)
Description: ------------ The package lowers the security of randomly generated numbers by seeding the random number generator by itself. Please remove the [mt_]srand() call from the code. Manual seeding is not required since php 4.2.0, so this is safe. For more information, read: http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html http://news.php.net/php.pear.dev/50791 http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Comments

 [2008-10-25 17:05 UTC] cweiske (Christian Weiske)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/XML_Transformer Fixed in QA release version 1.1.1