Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Oct 2014 03:16:40 +0000 (UTC)
From: Martin Pool <mbp@...rcefrog.net>
To: oss-security@...ts.openwall.com
Subject: Re: [CVE Requests] rsync and librsync collisions

Hi,

I'm the librsync (not rsync) maintainer. I can confirm this is a real bug, 
and I would like a CVE assigned.

I appreciate Mik reporting this.

Since it's now been discussed in public I don't see any point treating this 
as embargoed.

I'm working on his patch adding BLAKE2 (eg making it pass tests, having an 
option for back-compatibility) so that it can be released. 

-m

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ