Re: golang-go.crypto / CVE-2019-11841

2020-09-07 Thread Brian May
Ola Lundqvist writes:
> To completely fix the second part of this CVE I think an API change is
> necessary.
> The API needs to return a list of unsigned and signed portions of the
> message so the application using it can make it visible what parts are
> signed and what parts are not.
> However su

Re: golang-go.crypto / CVE-2019-11841

2020-09-07 Thread Ola Lundqvist
Hi again

Also I think we need to consider the backwards compatibility of this. I guess there are quite a lot of emails with text before and after the signed text. If they will no longer be accepted this essentially means that the purpose of this function is pointless giving a less secure system th

Re: golang-go.crypto / CVE-2019-11841

2020-09-07 Thread Ola Lundqvist
Hi

To completely fix the second part of this CVE I think an API change is necessary. The API needs to return a list of unsigned and signed portions of the message so the application using it can make it visible what parts are signed and what parts are not. However such a change is large and cannot

(semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-09-07 Thread Holger Levsen
hi,

today two packages were unclaimed for LTS:

- curl (Thorsten Alteholz)
- squid3 (Markus Koschany)

and one for ELTS:

- curl (Thorsten Alteholz)

Then, one person probably claimed too many packages:

Mike Gabriel: freerdp gnome-shell guacamole-client php-horde-trean samba

There are six DLAs