oss-sec mailing list archives

Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG


From: Noel Kuntze <noel.kuntze@thermi.consulting>
Date: Mon, 4 Jul 2022 15:05:10 +0200

Hi Peter,

It's really not that deep.
The attachment is not named after the naming scheme expected of signatures of emails so clients won't try to process it in the context of opening or verifying an email.
I had to call gpg locally on the attached files to reproduce the issue.

But I agree that attaching such files that could be read by clients directly is not a good move.

Kind regards
Noel

On 04.07.22 at 14:15, Peter van Dijk wrote:
Hello,

On 04/07/2022 07:31 Demi Marie Obenour <demi () invisiblethingslab com> wrote:

Signature (of /dev/null) that triggers this bug is attached, along with
the corresponding public key.

This is insane. You can't send weaponised exploits that crash email clients to public mailing lists. Please do not do this again.

Peter

