oss-sec mailing list archives
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
From: Jakub Wilk <jwilk () jwilk net>
Date: Fri, 15 Jun 2018 19:28:36 +0200
* Marcus Brinkmann <marcus.brinkmann () ruhr-uni-bochum de>, 2018-06-15, 16:43:
Yes. I did two weeks of due diligence on the important package managers, Git, and anything I could think of that is critical. But I am not saying what I looked at, because there might be something I missed, and I want everybody to join in and have a fresh look. It is too much for a single person.There's apparently more software that uses unachored "\[GNUPG:\]": https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D
Thanks for doing this. I didn't mean to imply that you were not diligent enough.
You reporting these?
I was hoping somebody else would take care of this.
If not, I can do it.
Please do! :-) -- Jakub Wilk
Current thread:
- CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 16)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jason A. Donenfeld (Jun 14)