Date: Mon, 13 Oct 2014 03:16:40 +0000 (UTC) From: Martin Pool <mbp@...rcefrog.net> To: oss-security@...ts.openwall.com Subject: Re: [CVE Requests] rsync and librsync collisions Hi, I'm the librsync (not rsync) maintainer. I can confirm this is a real bug, and I would like a CVE assigned. I appreciate Mik reporting this. Since it's now been discussed in public I don't see any point treating this as embargoed. I'm working on his patch adding BLAKE2 (eg making it pass tests, having an option for back-compatibility) so that it can be released. -m
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ