Package: dpkg
Version: 1.13.25
Severity: critical
Note: reported against the current version of dpkg,
but applies equally to all versions up to the present
time.
MD5 checksums are not secure. A recently discovered
mathematical technique allows *ANY* document containing a
few attacker-chosen
Processing commands for [EMAIL PROTECTED]:
reassign 454666 apt
Bug#454666: MD5 signatures provide no security
Bug reassigned from package `dpkg' to `apt'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator
reassign 454666 apt
thanks
On Thu, Dec 06, 2007 at 02:33:06PM -0800, [EMAIL PROTECTED] wrote:
Exploitation of this flaw would allow an attacker to
substitute arbitrary code for any legitimate Debian package
using a man in the middle attack undetected whenever a
user is installing new
Quoting Frank Lichtenheld ([EMAIL PROTECTED]):
reassign 454666 apt
thanks
On Thu, Dec 06, 2007 at 02:33:06PM -0800, [EMAIL PROTECTED] wrote:
Exploitation of this flaw would allow an attacker to
substitute arbitrary code for any legitimate Debian package
using a man in the middle attack
severity 454666 normal
thanks
On Thu, Dec 06, 2007, [EMAIL PROTECTED] wrote:
In particular, it is now computationally feasible for
a single attacker with a desktop machine to modify any
executable of his or her choosing to have any desired
MD5 checksum.
Ray, Debian is not Slashdot. I
5 matches
Mail list logo
