Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Gnupg serious security bug.

Edward Middleton <> writes:

> It must be the week for security blunder discoveries.  GnuPG has one as
> follows[1]
>     Signature verification of non-detached signatures may give a positive
>     result but when extracting the signed data, this data may be prepended
>     or appended with extra data not covered by the signature. Thus it is
>     possible for an attacker to take any signed message and inject extra
>     arbitrary data.

Wow ! Indeed..

If I understand it right, the way debian packages are signed is
"detached", so all debian packages that were signed until now are not
affected ?


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links