[Full-disclosure] [USN-740-1] NSS vulnerability
Delian Krustev
krustev at krustev.net
Wed Mar 18 16:16:09 GMT 2009
On Tue, 17 Mar 2009 17:11:30 -0500 Jamie Strandboge wrote:
...
> Details follow:
>
> The MD5 algorithm is known not to be collision resistant. This update
> blacklists the proof of concept rogue certificate authority as discussed
> in http://www.win.tue.nl/hashclash/rogue-ca/.
>
>
> Updated packages for Ubuntu 6.06 LTS:
>
> Source archives:
>
>
> http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz
> Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb
...
Congratulations!
I suppose all the MD5 package checksums you've provided *ARE* collision resistant though !
:-D
Cheers
--
Delian
Full-Disclosure is hosted and sponsored by Secunia.