Date: Sat, 11 Apr 2015 15:07:35 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE Requests] rsync and librsync collisions

Hi Kurt,

Murray McAllister handled the response to this when I reported it to
secalert@ but it's currently languishing in BZ#1126713

If you want I can send my patch as a starting point - it got really nasty
because nobody considered that strong sums would be >16 bytes when
writing rsync.

Regards,
Michael

On 11 April 2015 at 13:40, Kurt Seifried <kseifried@...hat.com> wrote:
> If you'd like Red Hat can:
>
> 1) handle disclosure coordination (like we do for OpenSSL)
>
> and/or
>
> 2) handle patching/etc, we ship rsync so this is obviously of interest
> to us.
>
> Contact secalert@...hat.com if you want and either myself or a coworker
> will handle this. Thanks!
>
> On 04/10/2015 08:06 PM, Michael Samuel wrote:
>> Hi,
>>
>> On 10 April 2015 at 19:26, Vitezslav Cizek <civ@...ma.cz> wrote:
>>
>>> Was there any further progress with the rsync upstream?
>>> Are they planning to address this issue or is there no interest?
>>
>> No further progress with upstream, it's possible that rsync is abandoned.
>>
>> Regards,
>> Michael
>>
>
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>