On 01/17/2012 10:12 AM, Matthias Schmidt wrote: > He guys, > > I want to bring the following discussion on the oss-security list to > your attention: > > http://www.openwall.com/lists/oss-security/2012/01/16/2 > > This post and previous posts contain all known details. It seems Solar > contacted Matt before, but unfortunately he does not responded (or at > least not on the list, I'm subscribed).
Ugh. This is bad and, even worse, it's not immediatelly obvious how to fix it w/o breaking any systems using this implementation. Thanks for publicizing this Matthias! Aggelos