Full Disclosure mailing list archives
Re: [USN-740-1] NSS vulnerability
From: Delian Krustev <krustev () krustev net>
Date: Wed, 18 Mar 2009 18:16:09 +0200
On Tue, 17 Mar 2009 17:11:30 -0500 Jamie Strandboge wrote: ...
Details follow: The MD5 algorithm is known not to be collision resistant. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb
... Congratulations! I suppose all the MD5 package checksums you've provided *ARE* collision resistant though ! :-D Cheers -- Delian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [USN-740-1] NSS vulnerability Jamie Strandboge (Mar 17)
- Re: [USN-740-1] NSS vulnerability Delian Krustev (Mar 18)