Date: Sat, 11 Apr 2015 03:35:56 +0000 From: mancha <mancha1@...o.com> To: Michael Samuel <mik@...net.net> Cc: oss-security@...ts.openwall.com Subject: Re: Re: [CVE Requests] rsync and librsync collisions On Sat, Apr 11, 2015 at 12:04:58PM +1000, Michael Samuel wrote: > On 11 April 2015 at 06:19, mancha <mancha1@...o.com> wrote: > >> * Dne Thursday 18. September 2014, 04:30:22 [CEST] Michael Samuel napsal: > >> > Ok, for rsync you can download colliding blocks (and a brief description) here: > >> > > >> > https://github.com/therealmik/rsync-collision > > > The last time this was discussed it was suggested to the reporter that a > > fully working PoC be posted so the impact (or lack thereof) to rsync > > might be evaluated. > > > > Unless I missed it, this hasn't happened. > > I reported it upstream with full working PoC > > Regards, > Michael The suggestion I referred to was sharing the full PoC on oss-sec as it appeared you were interested in engaging the list for possible CVE allocation and/or coordination of mitigation development. Without that level of detail further discussion on-list strikes me as rather pointless. --mancha Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.