oss-sec mailing list archives
Re: CVE request: crypt_blowfish 8-bit character mishandling
From: Solar Designer <solar () openwall com>
Date: Wed, 3 Aug 2011 20:03:24 +0400
On Sun, Jul 17, 2011 at 10:30:33PM +0400, Solar Designer wrote:
On Sun, Jul 17, 2011 at 05:48:21PM +0400, Solar Designer wrote:I've just released crypt_blowfish 1.2: http://www.openwall.com/crypt/ All projects using crypt_blowfish should upgrade to this newer code.Patches for PHP 5.3 and 5.4: http://news.php.net/php.internals/54000
In case anyone is backporting these to PHP 5.3.0 - 5.3.6, you also need to apply one of the patches from: http://news.php.net/php.internals/54098 These add support for the new prefixes to crypt.c (initially overlooked) and they add more tests. Alexander
Current thread:
- Re: CVE request: crypt_blowfish 8-bit character mishandling, (continued)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 11)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 11)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 12)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 13)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 14)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Aug 03)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)