oss-sec mailing list archives
Re: Re: [CVE Requests] rsync and librsync collisions
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 Apr 2015 23:29:36 -0600
On 04/10/2015 11:07 PM, Michael Samuel wrote:
Hi Kurt, Murray McAllister handled the response to this when I reported it to secalert@ but it's currently languishing in BZ#1126713
Murray is sadly no longer with Red Hat (he didn't die, he just moved on to another company).
If you want I can send my patch as a starting point - it got really nasty because nobody considered that strong sums would be >16 bytes when writing rsync.
Please do. So one caveat: Red Hat Enterprise Linux is generally committed to API/ABI stability, however Fedora is not. Just saying.
Regards, Michael
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Re: [CVE Requests] rsync and librsync collisions Vitezslav Cizek (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
- Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)