tag 631285 fixed-upstream
clone 631285 -1
reassign 631285 postgresql-contrib-8.4
reassign -1 postgresql-contrib-9.0
thanks

Hello Luciano,

Luciano Bello [2011-06-22 11:57 -0300]:
> A bug in crypt_blowfish was reported [1,2,3]. The function BF_set_key in
> postgresql is vulnerable. The RH report [4] may be useful too. Upstream
> already has a patch[5].
>
> Please, consider providing patches for stable and oldstable too.
>
> The CVE (Common Vulnerabilities & Exposures) assigned is CVE-2011-2483.
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

This is the current status:

9.1 (experimental): Fixed in current 9.1~beta3-1, thus not tracking the
bug for 9.1.

9.0 (testing/unstable): 9.0.4 is vulnerable, will be fixed in 9.0.5. Can
be fixed through new upstream release, not urgent.

8.4 (stable/testing/unstable): 8.4.8 is vulnerable. As 8.4 is obsolete
in testing/unstable, this is not urgent to fix there. So I'll prepare a
security fix for 8.4 stable.

Thanks,

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)