Date: Fri, 10 Apr 2015 23:29:36 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Re: [CVE Requests] rsync and librsync collisions On 04/10/2015 11:07 PM, Michael Samuel wrote: > Hi Kurt, > > Murray McAllister handled the response to this when I reported it to secalert@ > but it's currently languishing in BZ#1126713 Murray is sadly no longer with Red Hat (he didn't die, he just moved on to another company). > If you want I can send my patch as a starting point - it got really > nasty because > nobody considered that strong sums would be >16 bytes when writing rsync. Please do. So one caveat: Red Hat Enterprise Linux is generally committed to API/ABI stability, however Fedora is not. Just saying. > Regards, > Michael -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.