Package: php5
Version: 5.3.1-5
Severity: important
The output of crypt() for certain salts has changed between version
5.2.6-1+lenny6 and 5.3.1-5
The following small test script demonstrates this:
<?php echo crypt("semmel", "1$"); ?>
With php 5.3.1-5 this results in: 1$YZfgMfg2BiI
With php 5.2.6-1+lenny6 this results in: 1$IjqLeTnxFwo
As far as I can see from the documentation at
http://de.php.net/manual/en/function.crypt.php "1$" is a valid salt for
standard DES.
As a side note, the same output is generated, with the following script which
provides an invalid, but different, salt:
<?php echo crypt("semmel", 1); ?>
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5 depends on:
ii libapache2-mod-php5 5.3.1-5 server-side, HTML-embedded scripti
ii php5-common 5.3.1-5 Common files for packages built fr
php5 recommends no packages.
php5 suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
