[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#659149: CVE-2012-0839: Hash collision DoS

On 08/02/12 18:44, Moritz Muehlenhoff wrote:
Package: ocaml
Severity: important
Tags: security

Ocaml is affected by the recently discovered class of hash collisions,
see http://www.mail-archive.com/caml-list@inria.fr/msg01477.html

Apparently there's no upstream fix yet.

As far as I understand if, upstream implemented a fix that will be
released in OCaml 3.13. It will be to the programmer to choose a seed
parameter to diversify the hash function.

See http://www.mail-archive.com/caml-list@inria.fr/msg01500.html in the
same thread.



Reply to: