Analysis of CVE-2013-4441: pwgen Phonemes mode has heavy bias and is enabled by default

Eric H. Christensen sparks at fedoraproject.org
Mon Jul 28 14:36:00 UTC 2014


On Mon, Jul 28, 2014 at 07:24:10AM -0400, joat wrote:
> Who's the decision authority on stuff like this, where an issue is more
> politics than security?

If upstream doesn't want to incorporate the fix then we can ask the packager to push a patch to fix it.  We can also go to FESCo and ask.

In this particular case I believe we need to have someone review the CVE.  I'll do that now.

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------