Bug#659149: CVE-2012-0839: Hash collision DoS
On 08/02/12 18:44, Moritz Muehlenhoff wrote:
Package: ocaml
Severity: important
Tags: security
Ocaml is affected by the recently discovered class of hash collisions,
see http://www.mail-archive.com/caml-list@inria.fr/msg01477.html
Apparently there's no upstream fix yet.
As far as I understand if, upstream implemented a fix that will be
released in OCaml 3.13. It will be to the programmer to choose a seed
parameter to diversify the hash function.
See http://www.mail-archive.com/caml-list@inria.fr/msg01500.html in the
same thread.
Regards,
--
Mehdi
Reply to: