oss-sec mailing list archives
Re: Possible CVE request: subversion MD5 collision authentication leak
From: Ben Reser <ben () reser org>
Date: Fri, 01 Aug 2014 07:47:53 -0700
On 8/1/14 3:12 AM, Marcus Meissner wrote:
The subversion list has fixed a md5 collision attack possibility. http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E http://svn.apache.org/r1550691 http://svn.apache.org/r1550772 The referenced E-Mail speaks about CVE request, so not sure who will assign one.
Already got one (the request was directed at security () apache org who hand them out to us): CVE-2014-3528.
Current thread:
- Possible CVE request: subversion MD5 collision authentication leak Marcus Meissner (Aug 01)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Michael Samuel (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- <Possible follow-ups>
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 05)