STATUS

breser Fri, 06 Jun 2014 12:17:51 -0700

Author: breser
Date: Fri Jun  6 19:17:19 2014
New Revision: 1600985

URL: http://svn.apache.org/r1600985
Log:
* STATUS: Nominate md5 collision protection.


Modified:
    subversion/branches/1.7.x/STATUS

Modified: subversion/branches/1.7.x/STATUS
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1600985&r1=1600984&r2=1600985&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Fri Jun  6 19:17:19 2014
@@ -137,6 +137,19 @@ Candidate changes:
    Votes:
      +1: rhuijben
 
+ * r1550691, r1550772, r1600909
+   Guard against MD5 hash collisions when finding cached credentials.
+   Justification:
+     MD5 collision attacks exist and could be used to trick a client into
+     sending cached credentials to a server other than what they were
+     cached for.
+   Notes:
+     Branch is required due to svn_hash_gets() not being available in 1.7.x
+   Branch:
+     ^/subversion/branches/1.7.x-md5-collision
+   Votes:
+     +1: breser
+
 Veto-blocked changes:
 =====================

svn commit: r1600985 - /subversion/branches/1.7.x/STATUS

Reply via email to