Jake Ginesin via Gnupg-devel <[email protected]> writes:

> Thank you for your response, and thank you for upstreaming this issue to
> libksba.
>
> May I be granted a GNU bugtracker account, such that I may participate in the
> ticket thread? I would like to emphasize the security impact of this issue,
> as an attacker may very trivially mutate signatures without affecting
> validity. In addition to the CVEs previously mentioned, CVE-2019-14859 and
> BIP-66 also report on the same issue in other libraries.

As a casual observer, is there a reason you submitted this publicly, and not via https://gnupg.org/documentation/security.html? I'm a bit surprised to have seen it publicly and also found it strange someone else did something similar recently on the libgcrypt mailing list.
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
