Bug#659149: CVE-2012-0839: Hash collision DoS

To: Moritz Muehlenhoff <jmm@debian.org>, 659149@bugs.debian.org
Subject: Bug#659149: CVE-2012-0839: Hash collision DoS
From: Mehdi Dogguy <mehdi@dogguy.org>
Date: Wed, 08 Feb 2012 19:01:11 +0100
Message-id: <[🔎] 4F32B867.7010808@dogguy.org>
Reply-to: Mehdi Dogguy <mehdi@dogguy.org>, 659149@bugs.debian.org
In-reply-to: <[🔎] 20120208174426.4362.13483.reportbug@pisco.westfalen.local>
References: <[🔎] 20120208174426.4362.13483.reportbug@pisco.westfalen.local>

On 08/02/12 18:44, Moritz Muehlenhoff wrote:

Package: ocaml
Severity: important
Tags: security

Ocaml is affected by the recently discovered class of hash collisions,
see http://www.mail-archive.com/caml-list@inria.fr/msg01477.html

Apparently there's no upstream fix yet.


As far as I understand if, upstream implemented a fix that will be
released in OCaml 3.13. It will be to the programmer to choose a seed
parameter to diversify the hash function.

See http://www.mail-archive.com/caml-list@inria.fr/msg01500.html in the
same thread.

Regards,

--
Mehdi

Reply to:

References:
- Bug#659149: CVE-2012-0839: Hash collision DoS
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Bug#659151: automatically fall back to older version
Next by Date: Bug#659212: /usr/bin/ocamlbuild.native: ocamlbuild reports fatal-error if -build-dir option is used with absolute filenames
Previous by thread: Bug#659149: CVE-2012-0839: Hash collision DoS
Next by thread: Bug#659151: automatically fall back to older version
Index(es):
- Date
- Thread