[jira] [Comment Edited] (SVN-4673) Reports of SHA-1 collision causing repository breakage

Andreas Stieger (JIRA) Tue, 28 Feb 2017 09:01:14 -0800

    [ 
https://issues.apache.org/jira/browse/SVN-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888440#comment-15888440
 ]


Andreas Stieger edited comment on SVN-4673 at 2/28/17 5:00 PM:
---------------------------------------------------------------

The generic SHA-1 issue is 
[CVE-2005-4900|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4900].


was (Author: astieger):
The generic SHA-1 issue is CVE-2005-4900.

> Reports of SHA-1 collision causing repository breakage
> ------------------------------------------------------
>
>                 Key: SVN-4673
>                 URL: https://issues.apache.org/jira/browse/SVN-4673
>             Project: Subversion
>          Issue Type: Bug
>            Reporter: Bryan Rosander
>            Priority: Critical
>
> Google recently created two pdfs with the same sha-1 checksum [1].  There are 
> reports of this breaking svn repositories[2][3].
> [1] 
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> [2] 
> https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
> [3] https://lists.webkit.org/pipermail/webkit-dev/2017-February/028795.html
> Additional resources:
> [https://bugs.webkit.org/show_bug.cgi?id=168774#c23<Paste>]
> https://shattered.io/



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Comment Edited] (SVN-4673) Reports of SHA-1 collision causing repository breakage

Reply via email to