Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Apr 2015 23:29:36 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE Requests] rsync and librsync collisions

On 04/10/2015 11:07 PM, Michael Samuel wrote:
> Hi Kurt,
> 
> Murray McAllister handled the response to this when I reported it to secalert@
> but it's currently languishing in BZ#1126713

Murray is sadly no longer with Red Hat (he didn't die, he just moved on
to another company).

> If you want I can send my patch as a starting point - it got really
> nasty because
> nobody considered that strong sums would be >16 bytes when writing rsync.

Please do. So one caveat: Red Hat Enterprise Linux is generally
committed to API/ABI stability, however Fedora is not. Just saying.

> Regards,
>   Michael

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.