oss-sec mailing list archives

Re: [CVE Requests] rsync and librsync collisions


From: Martin Pool <mbp () sourcefrog net>
Date: Mon, 13 Oct 2014 03:16:40 +0000 (UTC)

Hi,

I'm the librsync (not rsync) maintainer. I can confirm this is a real bug, 
and I would like a CVE assigned.

I appreciate Mik reporting this.

Since it's now been discussed in public I don't see any point treating this 
as embargoed.

I'm working on his patch adding BLAKE2 (e.g. making it pass tests, having an 
option for back-compatibility) so that it can be released.

-m

