Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Apr 2015 03:35:56 +0000
From: mancha <mancha1@...o.com>
To: Michael Samuel <mik@...net.net>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE Requests] rsync and librsync collisions

On Sat, Apr 11, 2015 at 12:04:58PM +1000, Michael Samuel wrote:
> On 11 April 2015 at 06:19, mancha <mancha1@...o.com> wrote:
> >> * Dne Thursday 18. September 2014, 04:30:22 [CEST] Michael Samuel napsal:
> >> > Ok, for rsync you can download colliding blocks (and a brief description) here:
> >> >
> >> > https://github.com/therealmik/rsync-collision
> 
> > The last time this was discussed it was suggested to the reporter that a
> > fully working PoC be posted so the impact (or lack thereof) to rsync
> > might be evaluated.
> >
> > Unless I missed it, this hasn't happened.
> 
> I reported it upstream with full working PoC
> 
> Regards,
>   Michael

The suggestion I referred to was sharing the full PoC on oss-sec as it
appeared you were interested in engaging the list for possible CVE
allocation and/or coordination of mitigation development.

Without that level of detail further discussion on-list strikes me as
rather pointless.

--mancha

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.