Candidate: CVE-2012-2146
PublicDate: 2012-08-26 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2146
 http://www.openwall.com/lists/oss-security/2012/04/29/1
 http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1
Description:
 Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique
 initialization vector (IV), which makes it easier for context-dependent
 users to obtain sensitive information and decrypt the database.
Ubuntu-Description:
 It was discovered that Elixir fails to construct a unique initialization
 vector (IV) with Blowfish. An attacker could possibly use this to make
 decryption easier.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670919
 http://elixir.ematia.de/trac/ticket/119
 https://bugzilla.redhat.com/show_bug.cgi?id=810013
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_elixir:
upstream_elixir: released (0.7.1-4)
hardy_elixir: ignored (reached end-of-life)
lucid_elixir: ignored (reached end-of-life)
natty_elixir: ignored (reached end-of-life)
oneiric_elixir: ignored (reached end-of-life)
precise_elixir: ignored (reached end-of-life)
precise/esm_elixir: DNE (precise was needed)
quantal_elixir: ignored (reached end-of-life)
raring_elixir: ignored (reached end-of-life)
saucy_elixir: ignored (reached end-of-life)
trusty_elixir: released (0.7.1-4build0.14.04.1)
trusty/esm_elixir: DNE (trusty was released [0.7.1-4build0.14.04.1])
utopic_elixir: ignored (reached end-of-life)
vivid_elixir: ignored (reached end-of-life)
vivid/stable-phone-overlay_elixir: DNE
vivid/ubuntu-core_elixir: DNE
wily_elixir: ignored (reached end-of-life)
xenial_elixir: released (0.7.1-4build0.16.04.1)
yakkety_elixir: ignored (reached end-of-life)
zesty_elixir: ignored (reached end-of-life)
artful_elixir: ignored (reached end-of-life)
bionic_elixir: not-affected (0.7.1-4build1)
cosmic_elixir: not-affected (0.7.1-4build1)
devel_elixir: not-affected (0.7.1-4build1)