Candidate: CVE-2014-8242
PublicDate: 2015-10-26 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8242
 http://www.openwall.com/lists/oss-security/2014/10/12
Description:
 librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which
 makes it easier for remote attackers to modify transmitted data via a
 birthday attack.
Ubuntu-Description:
Notes:
 ebarretto> Too intrusive to backport
Bugs:
 https://github.com/librsync/librsync/issues/5
Priority: low
Discovered-by: Michael Samuel
Assigned-to:
CVSS: 

Patches_librsync:
upstream_librsync: needs-triage
lucid_librsync: ignored (reached end-of-life)
precise_librsync: ignored (reached end-of-life)
precise/esm_librsync: DNE (precise was needed)
trusty_librsync: ignored (reached end-of-life)
trusty/esm_librsync: DNE (trusty was needed)
utopic_librsync: ignored (reached end-of-life)
vivid_librsync: ignored (reached end-of-life)
vivid/stable-phone-overlay_librsync: DNE
vivid/ubuntu-core_librsync: DNE
wily_librsync: ignored (reached end-of-life)
xenial_librsync: ignored (end of standard support, was needed)
esm-infra/xenial_librsync: needed
yakkety_librsync: ignored (reached end-of-life)
zesty_librsync: ignored (reached end-of-life)
artful_librsync: ignored (reached end-of-life)
bionic_librsync: needed
cosmic_librsync: ignored (reached end-of-life)
disco_librsync: ignored (reached end-of-life)
eoan_librsync: not-affected (2.0.2-1)
focal_librsync: not-affected (2.0.2-1)
groovy_librsync: not-affected (2.0.2-1)
hirsute_librsync: not-affected (2.0.2-1)
impish_librsync: not-affected (2.0.2-1)
jammy_librsync: not-affected (2.0.2-1)
devel_librsync: not-affected (2.0.2-1)