Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Apr 2015 03:35:56 +0000
From: mancha <mancha1@...o.com>
To: Michael Samuel <mik@...net.net>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE Requests] rsync and librsync collisions

On Sat, Apr 11, 2015 at 12:04:58PM +1000, Michael Samuel wrote:
> On 11 April 2015 at 06:19, mancha <mancha1@...o.com> wrote:
> >> * Dne Thursday 18. September 2014, 04:30:22 [CEST] Michael Samuel napsal:
> >> > Ok, for rsync you can download colliding blocks (and a brief description) here:
> >> >
> >> > https://github.com/therealmik/rsync-collision
> 
> > The last time this was discussed it was suggested to the reporter that a
> > fully working PoC be posted so the impact (or lack thereof) to rsync
> > might be evaluated.
> >
> > Unless I missed it, this hasn't happened.
> 
> I reported it upstream with full working PoC
> 
> Regards,
>   Michael

The suggestion I referred to was sharing the full PoC on oss-sec as it
appeared you were interested in engaging the list for possible CVE
allocation and/or coordination of mitigation development.

Without that level of detail further discussion on-list strikes me as
rather pointless.

--mancha

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ