[Pkg-puppet-devel] Bug#679765: Bug#679765: puppetmaster - CA prone to MD5 collision attacks

Stig Sandbeck Mathisen ssm at debian.org
Sun Jul 1 13:01:46 UTC 2012


Bastian Blank <waldi at debian.org> writes:

> The included CA still only displays MD5 fingerprints of certificates.
> MD5 is not longer save against collision attacks. So a rogue client is
> able to use a collision attack to get a certificate for the puppet
> master and overtake the clients.

Could you submit a bug in the upstream bug tracker at
https://projects.puppetlabs.com/projects/puppet/issues, please? I'll
connect your new upstream bug with this one, so we can track its status.

Having the packaging team as a middleman for an upstream bug of this
magnitute would probably not be constructive.

-- 
Stig Sandbeck Mathisen





More information about the Pkg-puppet-devel mailing list