[Pkg-puppet-devel] Bug#679765: Bug#679765: puppetmaster - CA prone to MD5 collision attacks
Stig Sandbeck Mathisen
ssm at debian.org
Sun Jul 1 13:01:46 UTC 2012
Bastian Blank <waldi at debian.org> writes:
> The included CA still only displays MD5 fingerprints of certificates.
> MD5 is not longer save against collision attacks. So a rogue client is
> able to use a collision attack to get a certificate for the puppet
> master and overtake the clients.
Could you submit a bug in the upstream bug tracker at
https://projects.puppetlabs.com/projects/puppet/issues, please? I'll
connect your new upstream bug with this one, so we can track its status.
Having the packaging team as a middleman for an upstream bug of this
magnitute would probably not be constructive.
--
Stig Sandbeck Mathisen
More information about the Pkg-puppet-devel
mailing list