Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Jun 2018 19:28:36 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2018-12356 Breaking signature verification in
 pass (Simple Password Store)

* Marcus Brinkmann <marcus.brinkmann@...r-uni-bochum.de>, 2018-06-15, 16:43:
>>There's apparently more software that uses unachored "\[GNUPG:\]":
>>https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D
>Yes. I did two weeks of due diligence on the important package 
>managers, Git, and anything I could think of that is critical. But I am 
>not saying what I looked at, because there might be something I missed, 
>and I want everybody to join in and have a fresh look. It is too much 
>for a single person.

Thanks for doing this. I didn't mean to imply that you were not diligent 
enough.

>You reporting these?

I was hoping somebody else would take care of this.

>If not, I can do it.

Please do! :-)

-- 
Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ