Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

randomDigits() generates biased random digits #35

Closed
hueniverse opened this issue Nov 2, 2018 · 3 comments
Closed

randomDigits() generates biased random digits #35

hueniverse opened this issue Nov 2, 2018 · 3 comments
Assignees
Labels
Milestone

Comments

@hueniverse
Copy link
Member

@hueniverse hueniverse commented Nov 2, 2018

Backport fix #34

@hueniverse hueniverse added bug lts labels Nov 2, 2018
@hueniverse hueniverse self-assigned this Nov 2, 2018
@hueniverse hueniverse added this to the 3.1.3 milestone Nov 2, 2018
hueniverse added a commit that referenced this issue Nov 2, 2018
@hueniverse hueniverse closed this Nov 2, 2018
@stephenyeargin

This comment has been minimized.

Copy link

@stephenyeargin stephenyeargin commented Nov 10, 2018

As of November 10, the assigned CVE-2018-1000620 does not yet reflect that the backported fix was made in 3.1.3. This is throwing off GitHub's security alerts as well.

@hueniverse

This comment has been minimized.

Copy link
Member Author

@hueniverse hueniverse commented Nov 11, 2018

@stephenyeargin I have no idea how to go about updating it.

@stephenyeargin

This comment has been minimized.

Copy link

@stephenyeargin stephenyeargin commented Nov 11, 2018

It looks like you may be able to notify cve@mitre.org (the source of the CVE) and support@github.com about the backported fix and they will update their databases. I don't see any other formal channels to use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.