oss-sec mailing list archives
Re: Re: [CVE Requests] rsync and librsync collisions
From: mancha <mancha1 () zoho com>
Date: Sat, 11 Apr 2015 03:35:56 +0000
On Sat, Apr 11, 2015 at 12:04:58PM +1000, Michael Samuel wrote:
On 11 April 2015 at 06:19, mancha <mancha1 () zoho com> wrote:* Dne Thursday 18. September 2014, 04:30:22 [CEST] Michael Samuel napsal:Ok, for rsync you can download colliding blocks (and a brief description) here: https://github.com/therealmik/rsync-collisionThe last time this was discussed it was suggested to the reporter that a fully working PoC be posted so the impact (or lack thereof) to rsync might be evaluated. Unless I missed it, this hasn't happened.I reported it upstream with full working PoC Regards, Michael
The suggestion I referred to was sharing the full PoC on oss-sec as it appeared you were interested in engaging the list for possible CVE allocation and/or coordination of mitigation development. Without that level of detail further discussion on-list strikes me as rather pointless. --mancha
Attachment:
_bin
Description:
Current thread:
- Re: Re: [CVE Requests] rsync and librsync collisions Vitezslav Cizek (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)