| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Oct 22 23:51:30 2005 From: prozente at gmail.com (prozente@...il.com) Subject: Different signatures on mirror sites for ethereal 0.10.13 \/ see below - the mirrors must still be updating... ---------- Forwarded message ---------- From: Gerald Combs <gerald@...ereal.com> Date: Oct 20, 2005 5:31 PM Subject: [Ethereal-announce] Updated Ethereal 0.10.13 source distribution available To: ethereal-announce@...ereal.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The ethereal-0.10.13.tar.bz2 source distribution released yesterday was inadvertently compressed using gzip instead of bzip2. A correct distribution has been placed on the web site with the following hashes: MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4 SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721 RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423 None of the other files released yesterday have changed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDWBq6kXaEuZt2wEERAj9SAKCU+v3uGpDlpVQuQ2E1z32Swkst9QCg9FJG bn18+2YzyTeRMcOE0j5dTNw= =DWtO -----END PGP SIGNATURE----- _______________________________________________ Ethereal-announce mailing list Ethereal-announce@...ereal.com http://www.ethereal.com/mailman/listinfo/ethereal-announce On 10/21/05, Rein van Koten <vankoten@...all.nl> wrote: > Interesting? > > While updating systems with ethereal 0.10.13 I downloaded from different > sites... While checking MD5sums discovered that at least there is a > difference between the SIGNATURES-0.10.13.txt files on the main ethereal > site and tuwien. > > Difference is only for the tar.bz2 source file... > > Main site: > MD5(ethereal-0.10.13.tar.bz2)=08d277951ff6f6a93c752abebd85d5bc > SHA1(ethereal-0.10.13.tar.bz2)=4ed2014a1ede6bdb05fbe99b0469a030c7794a13 > RIPEMD160(ethereal-0.10.13.tar.bz2)=54f6431ac2d807e0d7dd896af71463d340c66107 > > TUWIEN: > MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4 > SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721 > RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423 > > All other filesums match. > > Now downloading all files and looking at the sources. > > Maybe it is my mistake, maybe something weird is going on. In case of the > latter decided to bare the blame if it is my mistake. Do not like the idea > of tampered ethereal sources.... > > Regards, > > Rein > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists