[php-maint] Bug#631347: Bug#631347: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

Moritz Mühlenhoff jmm at inutil.org
Thu Jun 23 21:31:25 UTC 2011


On Thu, Jun 23, 2011 at 07:42:01AM +0200, Ondřej Surý wrote:
> forcemerge 631286 631347
> tags 631286 +squeeze wheezy sid
> Thank you
> 
> Hi,
> 
> I already noticed the bug when you reported it in postgresql and cloned the bug.
> 
> Yes, php5 is affected, but only squeeze and onwards (writing this off the top of my head, so I had better double-check).
> 
> Security team, can you remove the last not yet published security upload of php5? I'll bundle this CVE in and we will finally release the security update.

You can simply upload with an increased version number; the dak install will supersede
all older versions.

Cheers,
        Moritz




