Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Apr 2015 23:29:36 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE Requests] rsync and librsync collisions

On 04/10/2015 11:07 PM, Michael Samuel wrote:
> Hi Kurt,
> 
> Murray McAllister handled the response to this when I reported it to secalert@
> but it's currently languishing in BZ#1126713

Murray is sadly no longer with Red Hat (he didn't die, he just moved on
to another company).

> If you want I can send my patch as a starting point - it got really
> nasty because
> nobody considered that strong sums would be >16 bytes when writing rsync.

Please do. So one caveat: Red Hat Enterprise Linux is generally
committed to API/ABI stability, however Fedora is not. Just saying.

> Regards,
>   Michael

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ