Thank you for the report Moritz. According to the Bugzilla report the issue happens when BCrypt.gensalt() is called with the value 31. jenkins is the only package using this library and it calls this method with no parameter [1], the default value being 10 [2].
So I don't think this issue is critical for Jessie. Emmanuel Bourg [1] https://sources.debian.net/src/jenkins/1.565.3-3/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java/#L645 [2] https://sources.debian.net/src/libjbcrypt-java/0.3-4/BCrypt.java/#L66 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
