oss-sec mailing list archives
Re: [CVE Requests] rsync and librsync collisions
From: Martin Pool <mbp () sourcefrog net>
Date: Mon, 13 Oct 2014 03:16:40 +0000 (UTC)
Hi, I'm the librsync (not rsync) maintainer. I can confirm this is a real bug, and I would like a CVE assigned. I appreciate Mik reporting this. Since it's now been discussed in public I don't see any point treating this as embargoed. I'm working on his patch adding BLAKE2 (eg making it pass tests, having an option for back-compatibility) so that it can be released. -m
Current thread:
- Re: [CVE Requests] rsync and librsync collisions Martin Pool (Oct 12)
- Re: [CVE Requests] rsync and librsync collisions cve-assign (Oct 12)