Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Jun 2018 19:28:36 +0200
From: Jakub Wilk <>
Subject: Re: CVE-2018-12356 Breaking signature verification in
 pass (Simple Password Store)

* Marcus Brinkmann <>, 2018-06-15, 16:43:
>>There's apparently more software that uses unachored "\[GNUPG:\]":
>Yes. I did two weeks of due diligence on the important package 
>managers, Git, and anything I could think of that is critical. But I am 
>not saying what I looked at, because there might be something I missed, 
>and I want everybody to join in and have a fresh look. It is too much 
>for a single person.

Thanks for doing this. I didn't mean to imply that you were not diligent 

>You reporting these?

I was hoping somebody else would take care of this.

>If not, I can do it.

Please do! :-)

Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ