Package: postgresql
Severity: serious
Tags: security

Hi,
A bug in crypt_blowfish was reported [1,2,3]. The function BF_set_key in 
postgresql is vulnerable. The RH report [4] may be useful too. Upstream already 
has a patch [5].

Please consider providing patches for stable and oldstable too.

The CVE (Common Vulnerabilities & Exposures) assigned is CVE-2011-2483.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

[1] http://www.openwall.com/lists/oss-security/2011/06/20/2
[2] http://www.openwall.com/lists/john-dev/2011/06/20/3
[3] http://www.openwall.com/lists/john-dev/2011/06/20/5
[4] https://bugzilla.redhat.com/show_bug.cgi?id=715025
[5] http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=ca59dfa6f727fe3bf3a01904ec30e87f7fa5a67e

-luciano


