On Wed, Jul 10, 2019 at 11:45:53AM +0200, Laurent Bigonville wrote:
> Now that buster has been released, do you think we could move forward with
> uploading the last version of librsync in unstable?
Yes, I plan to proceed with this soon.
> I tried to rebuild duplicity and it's building fine.
I tri
Hey,
Now that buster has been released, do you think we could move forward
with uploading the last version of librsync in unstable?
I tried to rebuild duplicity and it's building fine.
Note that autoremoval of librsync is scheduled for August 6th, might be
good to have this fixed before.
K
On Mon, Jan 26, 2015 at 09:12:19AM +0100, Thijs Kinkhorst wrote:
> > See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
> > as part of syncing; given the low strength and size of MD4, and the
> > relative ease of computing collisions/preimages, that makes librsync
> > unsafe to
Hi,
> See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
> as part of syncing; given the low strength and size of MD4, and the
> relative ease of computing collisions/preimages, that makes librsync
> unsafe to use on untrusted data, such as when running a duplicity
> backup.
>
Package: librsync1
Version: 0.9.7-10
Severity: grave
Tags: security upstream
See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
as part of syncing; given the low strength and size of MD4, and the
relative ease of computing collisions/preimages, that makes librsync
unsafe to use
5 matches
Mail list logo
