You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2014/06/06 20:25:01 UTC
svn commit: r1600975 - /subversion/branches/1.8.x/STATUS
Author: breser
Date: Fri Jun 6 18:25:01 2014
New Revision: 1600975
URL: http://svn.apache.org/r1600975
Log:
* STATUS: Nominate MD5 hash collision protection.
Modified:
subversion/branches/1.8.x/STATUS
Modified: subversion/branches/1.8.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/STATUS?rev=1600975&r1=1600974&r2=1600975&view=diff
==============================================================================
--- subversion/branches/1.8.x/STATUS (original)
+++ subversion/branches/1.8.x/STATUS Fri Jun 6 18:25:01 2014
@@ -238,6 +238,15 @@ Candidate changes:
Votes:
+1: breser
+ * r1550691, r1550772, r1600909
+ Guard against MD5 hash collisions when finding cached credentials.
+ Justification:
+ MD5 collision attacks exist and could be used to trick a client into
+ sending cached credentials to a server other than what they were
+ cached for.
+ Votes:
+ +1: breser
+
Veto-blocked changes:
=====================