1994-10-05 - Re: ClearSig Bug in PGP?

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: nobody@shell.portal.com
Message Hash: 95c1d7cae83dcccb713b8f63ec12b99c445a107a170a08476bd87ffaa2d0e97b
Message ID: <9410051703.AA07606@toxicwaste.media.mit.edu>
Reply To: <199410051633.JAA15476@jobe.shell.portal.com>
UTC Datetime: 1994-10-05 17:03:20 UTC
Raw Date: Wed, 5 Oct 94 10:03:20 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 5 Oct 94 10:03:20 PDT
To: nobody@shell.portal.com
Subject: Re: ClearSig Bug in PGP?
In-Reply-To: <199410051633.JAA15476@jobe.shell.portal.com>
Message-ID: <9410051703.AA07606@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


The bug is that you can add text into a clear-signed message that
appears to be real since PGP drops everything before the first empty
line.

The temporary fix is to only read the output from PGP (since the added
text will not be in the output file).

The long-term fix will be in 2.6.2, which will hopefully be released
next week (a message will go out saying when it has been released).
The patch is really too difficult to separate from other patches to
post it separately.

-derek






Thread