[jira] [Commented] (SVN-4673) Reports of SHA-1 collision causing repository breakage

Tue, 28 Feb 2017 09:00:01 -0800 

    [ 
https://issues.apache.org/jira/browse/SVN-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888440#comment-15888440
 ] 

Andreas Stieger commented on SVN-4673:
--------------------------------------

The generic SHA-1 issues is CVE-2005-4900.

> Reports of SHA-1 collision causing repository breakage
> ------------------------------------------------------
>
>                 Key: SVN-4673
>                 URL: https://issues.apache.org/jira/browse/SVN-4673
>             Project: Subversion
>          Issue Type: Bug
>            Reporter: Bryan Rosander
>            Priority: Critical
>
> Google recently created two pdfs with the same sha-1 checksum [1].  There are 
> reports of this breaking svn repositories[2][3].
> [1] 
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> [2] 
> https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
> [3] https://lists.webkit.org/pipermail/webkit-dev/2017-February/028795.html
> Additional resources:
> [https://bugs.webkit.org/show_bug.cgi?id=168774#c23<Paste>]
> https://shattered.io/



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to