Date: Tue, 21 Jun 2011 21:55:26 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: magnum <rawsmooth@...dband.net>, Pierre Joye <pierre.php@...il.com> Subject: Re: CVE request: crypt_blowfish 8-bit character mishandling On Tue, Jun 21, 2011 at 10:50:18AM -0600, Vincent Danen wrote: > So Crypt::Eksblowfish uses the same code but wasn't affected? Do we > know why that is? It is based on the same code, but the author made changes when merging the code. Specifically, he switched to using "unsigned char *". > I can't promise I will have time to look at it, but I will try if I can > find the time. Thanks! Meanwhile, I've released crypt_blowfish 1.1 with the fixes I had mentioned in here. http://www.openwall.com/crypt/ Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ