Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

randomDigits() generates biased random digits #35

Closed
hueniverse opened this issue Nov 2, 2018 · 4 comments
Closed

randomDigits() generates biased random digits #35

hueniverse opened this issue Nov 2, 2018 · 4 comments
Assignees
@hueniverse
Labels
bug Bug or defect lts Backport for maintained old version
Milestone
3.1.3

Comments

@hueniverse
Copy link
Contributor

Backport fix #34
@hueniverse hueniverse added bug Bug or defect lts Backport for maintained old version labels Nov 2, 2018
@hueniverse hueniverse self-assigned this Nov 2, 2018
@hueniverse hueniverse added this to the 3.1.3 milestone Nov 2, 2018
hueniverse added a commit that referenced this issue Nov 2, 2018
@hueniverse
Backport fix #34. Closes #35
cb6bd64
@stephenyeargin
Copy link

As of November 10, the assigned CVE-2018-1000620 does not yet reflect that the backported fix was made in 3.1.3. This is throwing off GitHub's security alerts as well.

@hueniverse
Copy link
Contributor Author

@stephenyeargin I have no idea how to go about updating it.

@stephenyeargin
Copy link

It looks like you may be able to notify cve@mitre.org (the source of the CVE) and support@github.com about the backported fix and they will update their databases. I don't see any other formal channels to use.

This was referenced Dec 4, 2018
Closed
Closed
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@hueniverse hueniverse

Labels
bug Bug or defect lts Backport for maintained old version
Projects
None yet
Milestone
3.1.3
Development

No branches or pull requests
2 participants
@hueniverse @stephenyeargin