[ resend, I just saw even -release and -openoffice were in the mail... ]
Hi,
Kevin B. McCarty wrote:
I noticed that the latest OpenOffice.org security update in Etch
(version 2.0.4.dfsg.2-7etch1, which fixed DSA 1307) depends on libneon25
whereas the previous Etch version
* Henrique de Moraes Holschuh:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no
longer strong enough, maybe it should be replaced by SHA1 or SHA256?
When combined with size information
Size information doesn't buy you that
On Wed, 13 Jun 2007, Florian Weimer wrote:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no
longer strong enough, maybe it should be replaced by SHA1 or SHA256?
When combined with size information
Size information
On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh [EMAIL
PROTECTED] wrote:
On Wed, 13 Jun 2007, Florian Weimer wrote:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no
longer strong enough, maybe it
On Tuesday 12 June 2007 22.41:23 Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no
longer strong enough, maybe it should be replaced by SHA1 or SHA256?
Strong enough for what?
You can get an md5 collision quite easily, but is 2nd preimage also
Mike Hommey wrote:
On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh [EMAIL
PROTECTED] wrote:
On Wed, 13 Jun 2007, Florian Weimer wrote:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no
longer strong
* Henrique de Moraes Holschuh:
Size information doesn't buy you that much.
When we are talking about a binary blob that matches the *same* md5sum? Yes,
it does. Causing a MD5 colision with a message of the same size is far more
difficult.
Oh, in this case, please show us a collision of two
On 070613 at 10:43, Florian Weimer wrote:
AND the fact that it needs to be a valid .deb archive, they are
probably more than strong enough.
This is actually not much of a problem:
http://www.cits.rub.de/MD5Collisions/
One example how to create two files with same hash that act
differently.
On Wed, Jun 13, 2007 at 11:14:15PM +0200, Steffen Schulz wrote:
On 070613 at 10:43, Florian Weimer wrote:
AND the fact that it needs to be a valid .deb archive, they are
probably more than strong enough.
This is actually not much of a problem:
http://www.cits.rub.de/MD5Collisions/
One
On Tue, Jun 12, 2007 at 07:39:38PM -0400, Joey Hess wrote:
Bernd Eckenfels wrote:
Because open source is all about choice.
So it's there because of a platitude?
There might be admins using dpkg -i
or security officers who build their local mirrors manually.
Then why don't we include
What's up with security.debian.org? Apt is missing it. ;-)
-Jim P.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Thu, 2007-06-14 at 00:32 -0400, Jim Popovitch wrote:
What's up with security.debian.org? Apt is missing it. ;-)
Of course, as soon as I send the email
disregard previous email, apologies.
-Jim P.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
12 matches
Mail list logo