| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200903181816.10091.krustev@krustev.net> Date: Wed, 18 Mar 2009 18:16:09 +0200 From: Delian Krustev <krustev@...stev.net> To: bugtraq@...urityfocus.com, Jamie Strandboge <jamie@...onical.com> Cc: full-disclosure@...ts.grok.org.uk, ubuntu-security-announce@...ts.ubuntu.com Subject: Re: [USN-740-1] NSS vulnerability On Tue, 17 Mar 2009 17:11:30 -0500 Jamie Strandboge wrote: ... > Details follow: > > The MD5 algorithm is known not to be collision resistant. This update > blacklists the proof of concept rogue certificate authority as discussed > in http://www.win.tue.nl/hashclash/rogue-ca/. > > > Updated packages for Ubuntu 6.06 LTS: > > Source archives: > > > http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz > Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb ... Congratulations! I suppose all the MD5 package checksums you've provided *ARE* collision resistant though ! :-D Cheers -- Delian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists