Date: Thu, 20 Feb 2014 11:21:57 -0500 (EST) From: cve-assign@...re.org To: ppandit@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request New-djbdns: dnscache: potential cache poisoning -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > So, if original author says it's a flaw then it's a flaw, otherwise not? Otherwise MITRE attempts to use the best available information in deciding whether "security improvement" is a better categorization. Across all types of products and problems, the original author is generally allowed to admit that they made a mistake when writing the code in a certain way. > So now SipHash is 'the only' way to avoid hash collision ever? At present, introducing SipHash is a type of patch that's very likely to be considered when a software maintainer is responding to hash-collision problems. Certainly other patch approaches are possible. Not all code originated with an implicit functional specification that the code would do a good job at resisting all types of intentional hash-collision attacks. So, in general, when a description of a new attack is published, any resulting patches can be considered security improvements. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTBiraAAoJEKllVAevmvmskowH/i6JQKtvJttMqHORSRz78Q0b cDs+ho9ha3IfW72JDESqpnuZN5MmD5RANj95h/kVuuwxRZQoaZuBz7TrcXqkJB5a Jj4t/41o2/9MDtR+13w2EF4K2OHOVehiv+cH2uWOgTcxl0iY3frCpUXsl5uhMOX7 ComvccRVrKgG0U6kdQxQClKKrjvQ+9jXNM1lP1cQbyMtsk6wSbvw9AuC8KNAHoL/ IAWor0yu3GQ9fW/i5bnHJixQx9Yj32XcoiLkrYIxL7M8lB6TZ9SBw1PyWqWSEorc 2xPONazJ0TE5QEOpMwgaJrhSQyznQFQQfn4aWbyrgfjC05K0VE/5bsfssnRCm8A= =Ycsb -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.