On Fri, 10 Mar 2006 19:40:54 +0100, Jan Luehr said:
> well, this takes me to a difficult question:
> How much more are to come? (Have you begun a code audit? How long will it
> take
> then?)
Common wisdoms tells that it is pretty ineffective for a developer to
audit his own code.
Despite that
Hello,
Am Donnerstag, 9. März 2006 19:53 schrieb Werner Koch:
> Summary
> ===
>
> In the aftermath of the false positive signature verfication bug
> (announced 2006-02-15) more thorough testing of the fix has been done
> and another vulnerability has been detected.
>
> This new problem affect
On Thu, Mar 09, 2006 at 05:55:43PM -0500, [EMAIL PROTECTED] wrote:
> in the announcement of the fix for this condition
> on the gnupg announce list, it says the following:
>
> =[ begin quoted text ]=
>
> The only correct solution to this problem is to get rid of the
> feature
> to check
in the announcement of the fix for this condition
on the gnupg announce list, it says the following:
=[ begin quoted text ]=
The only correct solution to this problem is to get rid of the
feature
to check concatenated signatures - this allows for strict checking
of
valid packet composit
GnuPG does not detect injection of unsigned data
(released 2006-03-09, CVE-2006-0049)
Summary
===
In the aftermath of the false positive signature verfication bug
(announced 2006-02-15) more thorough test
