aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

All VCID are created with similar "aaa" suffix! #1579

Closed pombredanne closed 2 months ago

pombredanne commented 3 months ago

All the VCIDs are generated with similar aaa suffixes:

VCID-111c-u9bh-aaac
VCID-111e-ksxg-aaaj
VCID-111u-8dyk-aaas
VCID-111u-e1ne-aaaq
VCID-111y-ch3k-aaas
VCID-1121-h7qj-aaab
VCID-1126-y2e1-aaas
VCID-112b-57q4-aaac
VCID-112d-zjff-aaap
VCID-112g-p831-aaak
VCID-112h-ztww-aaad
VCID-112s-d8hf-aaag 

We need to fix this ASAP, as we are not using the full 60 bits of entropy we are supposed to use.

pombredanne commented 3 months ago

This has been reported by @tdruez and I have a fix for this

pombredanne commented 2 months ago

This has been fixed now and also released in https://pypi.org/project/aboutcode.hashid/
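
The observation in the report above, turned into a repeatable check (an added example, not code from vulnerablecode or aboutcode.hashid): it finds character positions that never vary across a sample of VCIDs, ignoring the shared leading prefix that a sorted listing produces. The 5 bits per character figure is an assumption derived from the 60 bits the issue cites for 12 generated characters, and the function names are hypothetical.

```python
# Added example: detect "stuck" character positions in a sample of VCIDs.
# The sample is the list quoted in the issue report.
SAMPLE_VCIDS = """
VCID-111c-u9bh-aaac VCID-111e-ksxg-aaaj VCID-111u-8dyk-aaas
VCID-111u-e1ne-aaaq VCID-111y-ch3k-aaas VCID-1121-h7qj-aaab
VCID-1126-y2e1-aaas VCID-112b-57q4-aaac VCID-112d-zjff-aaap
VCID-112g-p831-aaak VCID-112h-ztww-aaad VCID-112s-d8hf-aaag
""".split()

ID_LENGTH = 12      # generated characters after the "VCID-" prefix, dashes removed
BITS_PER_CHAR = 5   # assumption: 32-symbol alphabet, so 12 chars carry 60 bits


def payload(vcid):
    """Return the 12 generated characters of a VCID, without prefix and dashes."""
    prefix, _, rest = vcid.partition("-")
    chars = rest.replace("-", "")
    if prefix != "VCID" or len(chars) != ID_LENGTH:
        raise ValueError(f"unexpected VCID shape: {vcid!r}")
    return chars


def stuck_positions(vcids):
    """Return 0-based positions whose character is identical in every id."""
    rows = [payload(v) for v in vcids]
    if len(rows) < 2:
        raise ValueError("need at least two ids to compare")
    constant = [i for i, col in enumerate(zip(*rows)) if len(set(col)) == 1]
    if rows == sorted(rows):
        # A sorted listing shares its leading characters by construction,
        # so a constant run at the very start is not evidence of a defect.
        lead = 0
        while lead in constant:
            lead += 1
        constant = [i for i in constant if i >= lead]
    return constant


def max_effective_bits(vcids):
    """Upper bound on the bits that actually vary, under BITS_PER_CHAR."""
    return BITS_PER_CHAR * (ID_LENGTH - len(stuck_positions(vcids)))


if __name__ == "__main__":
    print("stuck positions:", stuck_positions(SAMPLE_VCIDS))
    print("upper bound on varying bits:", max_effective_bits(SAMPLE_VCIDS))
```

Running the same check over a large sample of newly minted ids after upgrading shows whether any position is still constant.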