Date: Fri, 15 Jun 2018 19:28:36 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) * Marcus Brinkmann <marcus.brinkmann@...r-uni-bochum.de>, 2018-06-15, 16:43: >>There's apparently more software that uses unachored "\[GNUPG:\]": >>https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D >Yes. I did two weeks of due diligence on the important package >managers, Git, and anything I could think of that is critical. But I am >not saying what I looked at, because there might be something I missed, >and I want everybody to join in and have a fresh look. It is too much >for a single person. Thanks for doing this. I didn't mean to imply that you were not diligent enough. >You reporting these? I was hoping somebody else would take care of this. >If not, I can do it. Please do! :-) -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.