Date: Fri, 10 Apr 2015 23:29:36 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Re: [CVE Requests] rsync and librsync collisions On 04/10/2015 11:07 PM, Michael Samuel wrote: > Hi Kurt, > > Murray McAllister handled the response to this when I reported it to secalert@ > but it's currently languishing in BZ#1126713 Murray is sadly no longer with Red Hat (he didn't die, he just moved on to another company). > If you want I can send my patch as a starting point - it got really > nasty because > nobody considered that strong sums would be >16 bytes when writing rsync. Please do. So one caveat: Red Hat Enterprise Linux is generally committed to API/ABI stability, however Fedora is not. Just saying. > Regards, > Michael -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ