On Fri, 10 Mar 2006 19:40:54 +0100, Jan Luehr said:
well, this takes me to a difficult question:
How much more are to come? (Have you begun a code audit? How long will it
take
then?)
Common wisdoms tells that it is pretty ineffective for a developer to
audit his own code.
Despite that
Hello,
Am Donnerstag, 9. März 2006 19:53 schrieb Werner Koch:
Summary
===
In the aftermath of the false positive signature verfication bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.
This new problem affects the
GnuPG does not detect injection of unsigned data
(released 2006-03-09, CVE-2006-0049)
Summary
===
In the aftermath of the false positive signature verfication bug
(announced 2006-02-15) more thorough
in the announcement of the fix for this condition
on the gnupg announce list, it says the following:
=[ begin quoted text ]=
The only correct solution to this problem is to get rid of the
feature
to check concatenated signatures - this allows for strict checking
of
valid packet
On Thu, Mar 09, 2006 at 05:55:43PM -0500, [EMAIL PROTECTED] wrote:
in the announcement of the fix for this condition
on the gnupg announce list, it says the following:
=[ begin quoted text ]=
The only correct solution to this problem is to get rid of the
feature
to check