TEMP-0532514-9137E0

Name	TEMP-0532514-9137E0
Description	predictable random number generator used in web browsers
Source	Automatically generated temporary name. Not for external reference.
Debian Bugs	520324, 532514, 532519, 532520, 532521

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
dillo (PTS)	jessie	3.0.4-2	fixed
	stretch	3.0.5-3	fixed
	buster	3.0.5-5	fixed
	bullseye, bookworm	3.0.5-7	fixed
	sid, trixie	3.0.5-7.1	fixed
lynx (PTS)	stretch (security), stretch (lts), stretch	2.8.9dev11-1+deb9u1	fixed
	buster (security), buster, buster (lts)	2.8.9rel.1-3+deb10u1	fixed
	bullseye (security), bullseye	2.9.0dev.6-3~deb11u1	fixed
	bookworm	2.9.0dev.12-1	fixed
	sid, trixie	2.9.2-1	fixed
lynx-cur (PTS)	jessie, jessie (lts)	2.8.9dev1-2+deb8u2	fixed
w3m (PTS)	jessie, jessie (lts)	0.5.3-19+deb8u4	vulnerable
	stretch (lts), stretch	0.5.3-34+deb9u2	vulnerable
	buster (security), buster, buster (lts)	0.5.3-37+deb10u1	vulnerable
	bullseye	0.5.3+git20210102-6+deb11u1	vulnerable
	sid, trixie, bookworm	0.5.3+git20230121-2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	(unstable)	26.0.1410.43-1		520324
dillo	source	(unstable)	(not affected)
kdebase	source	(unstable)	(unfixed)	unimportant	532519
lynx	source	(unstable)	2.8.7rel.1-1	unimportant	532520
lynx-cur	source	(unstable)	2.8.7rel.1-1	unimportant	532520
w3m	source	(unstable)	(unfixed)	unimportant	532521
webkit	source	(unstable)	1.2	low	532514

Notes

The implementations for UNIX seems fine, might be fixed earlier
[lenny] - webkit <no-dsa> (Minor issue)
w3m doesn't have Javascript support and the boundary issue is harmles
chromium has provides window.crypto.getRandomValues as a strong random number generator
https://code.google.com/p/chromium/issues/detail?id=246054
lynx doesn't have Javascript and form-data support
- dillo <not-affected> (bug #532522)
These issues can be fixed in more recent upstream versions, but the risk
of regression doesn't outweigh the issue at hand