[php-maint] Bug#631347: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
luciano at debian.org
Thu Jun 23 03:37:46 UTC 2011
A bug in crypt_blowfish was reported [1,2,3]. The RH report  may be useful
The function BF_set_key in ./ext/standard/crypt_blowfish.c is vulnerable. Can
you confirm that the bug affects the Debian packages?
If so, please, considerer providing patches for stable and oldstable besides
The CVE (Common Vulnerabilities & Exposures) assigned is CVE-2011-2483.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
More information about the pkg-php-maint