Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2019-07-10 Thread Andrey Rahmatullin
On Wed, Jul 10, 2019 at 11:45:53AM +0200, Laurent Bigonville wrote:
> Now that buster has been released, do you think we could move forward with
> uploading the last version of librsync in unstable?

Yes, I plan to proceed with this soon.

> I tried to rebuild duplicity and it's building fine.

I

Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2019-07-10 Thread Laurent Bigonville
Hey,

Now that buster has been released, do you think we could move forward with uploading the last version of librsync in unstable?

I tried to rebuild duplicity and it's building fine.

Note that autoremoval of librsync is scheduled for August 6th, might be good to have this fixed before.

Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2015-01-26 Thread Thijs Kinkhorst
Hi,

See https://github.com/librsync/librsync/issues/5 . librsync uses MD4 as part of syncing; given the low strength and size of MD4, and the relative ease of computing collisions/preimages, that makes librsync unsafe to use on untrusted data, such as when running a duplicity backup. The

Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2015-01-25 Thread Josh Triplett
Package: librsync1
Version: 0.9.7-10
Severity: grave
Tags: security upstream

See https://github.com/librsync/librsync/issues/5 . librsync uses MD4 as part of syncing; given the low strength and size of MD4, and the relative ease of computing collisions/preimages, that makes librsync unsafe to