Date: Sat, 11 Apr 2015 03:35:56 +0000 From: mancha <mancha1@...o.com> To: Michael Samuel <mik@...net.net> Cc: oss-security@...ts.openwall.com Subject: Re: Re: [CVE Requests] rsync and librsync collisions On Sat, Apr 11, 2015 at 12:04:58PM +1000, Michael Samuel wrote: > On 11 April 2015 at 06:19, mancha <mancha1@...o.com> wrote: > >> * Dne Thursday 18. September 2014, 04:30:22 [CEST] Michael Samuel napsal: > >> > Ok, for rsync you can download colliding blocks (and a brief description) here: > >> > > >> > https://github.com/therealmik/rsync-collision > > > The last time this was discussed it was suggested to the reporter that a > > fully working PoC be posted so the impact (or lack thereof) to rsync > > might be evaluated. > > > > Unless I missed it, this hasn't happened. > > I reported it upstream with full working PoC > > Regards, > Michael The suggestion I referred to was sharing the full PoC on oss-sec as it appeared you were interested in engaging the list for possible CVE allocation and/or coordination of mitigation development. Without that level of detail further discussion on-list strikes me as rather pointless. --mancha [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ