Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180615172836.7tlljvthvyzjxrma@jwilk.net>
Date: Fri, 15 Jun 2018 19:28:36 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2018-12356 Breaking signature verification in
 pass (Simple Password Store)

* Marcus Brinkmann <marcus.brinkmann@...r-uni-bochum.de>, 2018-06-15, 16:43:
>>There's apparently more software that uses unachored "\[GNUPG:\]":
>>https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D
>Yes. I did two weeks of due diligence on the important package 
>managers, Git, and anything I could think of that is critical. But I am 
>not saying what I looked at, because there might be something I missed, 
>and I want everybody to join in and have a fresh look. It is too much 
>for a single person.

Thanks for doing this. I didn't mean to imply that you were not diligent 
enough.

>You reporting these?

I was hoping somebody else would take care of this.

>If not, I can do it.

Please do! :-)

-- 
Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.