author: Ondřej Surý <ondrej@sury.org> 2011-07-04 10:36:15 +0200
committer: Ondřej Surý <ondrej@sury.org> 2011-07-04 12:44:51 +0200
commit: aa682b9bd9624279dcdcaa1b56f3f4124006b69a
tree: 8c08b4e61cd1b262a567c6c019ae54461d228c42 /debian/NEWS
parent: 91d40acefecef1a32415bf520db7c6e93b56f612
Add NEWS item about incompatible blowfish hashes
Diffstat (limited to 'debian/NEWS')
-rw-r--r-- debian/NEWS 12
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
index 719626ea6..0f528aae4 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,15 @@
+php5 (5.3.6-13) unstable; urgency=low
+
+ * Updated blowfish crypt() algorithm fixes the 8-bit character handling
+ vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately
+ this change is incompatible with some old (wrong) generated hashes for
+ passwords containing 8-bit characters. Therefore the new salt prefix
+ '$2x$' was introduced which can be used as a replacement for '$2a$'
+ salt prefix in the password database in case the incompatibility is
+ found.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 04 Jul 2011 10:31:16 +0200
+
php5 (5.3.1-3) unstable; urgency=low
* mod_php disabled in userdirs.
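Review bot: the closing sentence of the new entry ("Therefore the new salt prefix '$2x$' was introduced ... in case the incompatibility is found.") never says how an administrator recognises the incompatibility or what '$2x$' does with a stored hash. Suggest naming the symptom explicitly (a password containing 8-bit characters no longer verifies against its existing '$2a$' hash) and saying that only the affected records should be switched to '$2x$', not the whole password database. Since the entry itself calls the old hashes "(wrong)" and ties them to CVE-2011-2483, it would also help to recommend re-hashing such a record under '$2a$' the next time the user authenticates successfully, so that '$2x$' entries are a migration aid and not a permanent state.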