Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 01 Aug 2014 07:47:53 -0700
From: Ben Reser <ben@...er.org>
To: Marcus Meissner <meissner@...e.de>, 
 OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: Possible CVE request: subversion MD5 collision authentication
 leak

On 8/1/14 3:12 AM, Marcus Meissner wrote:
> The subversion list has fixed a md5 collision attack possibility.
> 
> http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
> 
> http://svn.apache.org/r1550691
> http://svn.apache.org/r1550772
> 
> The referenced E-Mail speaks about CVE request, so not sure who will assign
> one.

Already got one (the request was directed at security@...che.org who hand them
out to us): CVE-2014-3528.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ