Date: Fri, 15 Jun 2018 19:28:36 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)

* Marcus Brinkmann <marcus.brinkmann@...r-uni-bochum.de>, 2018-06-15, 16:43:
>>There's apparently more software that uses unanchored "\[GNUPG:\]":
>>https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D
>Yes. I did two weeks of due diligence on the important package
>managers, Git, and anything I could think of that is critical. But I am
>not saying what I looked at, because there might be something I missed,
>and I want everybody to join in and have a fresh look. It is too much
>for a single person.

Thanks for doing this. I didn't mean to imply that you were not diligent enough.

>You reporting these? I was hoping somebody else would take care of this.
>If not, I can do it.

Please do! :-)

-- 
Jakub Wilk