forcemerge 631286 631347
tags 631286 +squeeze wheezy sid
Thank you

Hi,

I already noticed the bug when you reported it in postgresql and cloned the bug. Yes, php5 is affected, but only squeeze and onwards (writing this from the top of my head, so I had better double check).

Security team, can you remove the last not yet published security upload of php5? I'll bundle this CVE in and we will finally release the security update.

Ondřej Surý

On 23.6.2011, at 5:37, Luciano Bello <luci...@debian.org> wrote:

> Package: php5
> Severity: serious
> Tags: security
>
> Hi,
> A bug in crypt_blowfish was reported [1,2,3]. The RH report [4] may be useful
> too.
>
> The function BF_set_key in ./ext/standard/crypt_blowfish.c is vulnerable. Can
> you confirm that the bug affects the Debian packages?
>
> If so, please consider providing patches for stable and oldstable besides
> sid.
>
> The CVE (Common Vulnerabilities & Exposures) assigned is CVE-2011-2483.
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> [1] http://www.openwall.com/lists/oss-security/2011/06/20/2
> [2] http://www.openwall.com/lists/john-dev/2011/06/20/3
> [3] http://www.openwall.com/lists/john-dev/2011/06/20/5
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=715025
>
> -luciano