Package: php5-suhosin Severity: serious Tags: security Hi, The CVE (Common Vulnerabilities & Exposures) CVE-2011-2483 was published for php5-suhosin.
A bug in crypt_blowfish was reported [1,2,3]. The function BF_set_key from crypt_blowfish.c:554 looks vulnerable. The RH report may be useful[4] too. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. [1] http://www.openwall.com/lists/oss-security/2011/06/20/2 [2] http://www.openwall.com/lists/john-dev/2011/06/20/3 [3] http://www.openwall.com/lists/john-dev/2011/06/20/5 [4] https://bugzilla.redhat.com/show_bug.cgi?id=715025 -luciano -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
