sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 17:59:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Mark PHP5 < 5.3.7_2 as vulnerable to PHP bug #55439: crypt() returns only

Browse source 
the salt for MD5.
This commit is contained in:
Xin LI 2011-08-23 00:58:34 +00:00
parent 191ccf05e1
commit 4d156302b0
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=280229
1 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
security/vuxml/vuln.xml
View file

@ -34,6 +34,33 @@ Note: Please add new entries to the beginning of this file.
--> -->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="3f1df2f9-cd22-11e0-9bb2-00215c6a37bb">
<topic>php -- crypt() returns only the salt for MD5</topic>
<affects>
<package>
<name>php5</name>
<range><lt>5.3.7_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PHP development team reports:</p>
<blockquote cite="https://bugs.php.net/bug.php?id=55439">
<p>If crypt() is executed with MD5 salts, the return
value conists of the salt only. DES and BLOWFISH
salts work as expected.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugs.php.net/bug.php?id=55439</url>
</references>
<dates>
<discovery>2011-08-17</discovery>
<entry>2011-08-23</entry>
</dates>
</vuln>
<vuln vid="057bf770-cac4-11e0-aea3-00215c6a37bb"> <vuln vid="057bf770-cac4-11e0-aea3-00215c6a37bb">
<topic>php -- multiple vulnerabilities</topic> <topic>php -- multiple vulnerabilities</topic>
<affects> <affects>