Date: Mon, 13 Oct 2014 03:16:40 +0000 (UTC) From: Martin Pool <mbp@...rcefrog.net> To: oss-security@...ts.openwall.com Subject: Re: [CVE Requests] rsync and librsync collisions Hi, I'm the librsync (not rsync) maintainer. I can confirm this is a real bug, and I would like a CVE assigned. I appreciate Mik reporting this. Since it's now been discussed in public I don't see any point treating this as embargoed. I'm working on his patch adding BLAKE2 (eg making it pass tests, having an option for back-compatibility) so that it can be released. -m
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.