
Re: [SECURITY] [DSA 2491-1] postgresql-8.4 security update

* Florian Weimer:

> CVE-2012-2143
> 	The crypt(text, text) function in the pgcrypto contrib module
> 	did not handle certain passwords correctly, ignoring
> 	characters after the first character which does not fall into
> 	the ASCII range.

It's been pointed out to me that this is incorrect.  Only traditional
DES hashes are affected, and the byte which triggers truncation is
0x80 only.
