Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jun 2011 21:55:26 +0400
From: Solar Designer <>
Cc: magnum <>, Pierre Joye <>
Subject: Re: CVE request: crypt_blowfish 8-bit character mishandling

On Tue, Jun 21, 2011 at 10:50:18AM -0600, Vincent Danen wrote:
> So Crypt::Eksblowfish uses the same code but wasn't affected?  Do we
> know why that is?

It is based on the same code, but the author made changes when merging
the code.  Specifically, he switched to using "unsigned char *".

> I can't promise I will have time to look at it, but I will try if I can
> find the time.


Meanwhile, I've released crypt_blowfish 1.1 with the fixes I had
mentioned in here.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.