cvs commit: ports/security/vuxml vuln.xml
Jacques Vidrine
jacques at vidrine.us
Sun Jul 31 15:34:09 GMT 2005
On Jul 31, 2005, at 8:23 AM, Simon L. Nielsen wrote:
> simon 2005-07-31 13:23:50 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> Document gnupg -- OpenPGP symmetric encryption vulnerability.
>
> Note: this is mainly a theoretical vulnerability.
>
> Revision Changes Path
> 1.763 +38 -1 ports/security/vuxml/vuln.xml

Thanks, Simon. Here are a couple of other points that this entry
should maybe reflect:

= Other software implementing OpenPGP is likely affected, e.g. the
  Perl Crypt::OpenPGP module (ports/security/p5-Crypt-OpenPGP)

= GnuPG and others "resolved" this issue by disabling the "quick
  check" when using a session key derived from public key encryption.
  But the issue still exists when using symmetric encryption directly,
  e.g. with the `-c' or `--symmetric' flags to gpg. Of course in that
  case it is even less likely to affect a real world user.

Cheers,
--
Jacques A. Vidrine / NTT/Verio
jacques at vidrine.us / jvidrine at verio.net / nectar at freebsd.org
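
The "quick check" discussed in the message above, as an added example that is not part of the original message and is not GnuPG's code: OpenPGP CFB encryption starts with a random prefix whose last two bytes are repeated, and the quick check compares those bytes after decryption to reject a wrong key early. Assumptions: a truncated HMAC-SHA256 stands in for the block cipher, the function names are hypothetical, and the resynchronization step of the older packet format is left out.

```python
import hashlib, hmac, os

BS = 16  # block size of the stand-in cipher, in bytes

def _block(key, block):
    # Assumption: truncated HMAC-SHA256 stands in for a real block cipher.
    # CFB only ever uses the cipher's forward direction, so this suffices.
    return hmac.new(key, block, hashlib.sha256).digest()[:BS]

def _cfb(key, data, decrypt):
    # Plain CFB with an all-zero IV, as OpenPGP uses.
    fr, out = bytes(BS), b""
    for i in range(0, len(data), BS):
        chunk = data[i:i + BS]
        res = bytes(a ^ b for a, b in zip(chunk, _block(key, fr)))
        out += res
        fr = chunk if decrypt else res  # feedback register = ciphertext block
    return out

def encrypt_message(key, data, prefix=None):
    # Prefix: BS random bytes, then the last two of them repeated.
    prefix = prefix or os.urandom(BS)
    return _cfb(key, prefix + prefix[-2:] + data, decrypt=False)

def quick_check_ok(key, ciphertext):
    # Decrypt only the prefix and compare the repeated byte pair.
    head = _cfb(key, ciphertext[:BS + 2], decrypt=True)
    return head[BS - 2:BS] == head[BS:BS + 2]

def decrypt_message(key, ciphertext, key_from_pubkey):
    # Policy described in the message: skip the quick check when the
    # session key came from public-key encryption; keep it for -c/--symmetric.
    if not key_from_pubkey and not quick_check_ok(key, ciphertext):
        raise ValueError("quick check failed: wrong key or passphrase")
    return _cfb(key, ciphertext, decrypt=True)[BS + 2:]

if __name__ == "__main__":
    key, wrong = b"k" * 16, b"w" * 16  # constructed sample keys
    ct = encrypt_message(key, b"constructed sample plaintext")
    print(decrypt_message(key, ct, key_from_pubkey=False))
    try:
        decrypt_message(wrong, ct, key_from_pubkey=False)
    except ValueError as e:
        print("symmetric path:", e)
    # Public-key path: no early reject, the output is just garbage bytes.
    print(len(decrypt_message(wrong, ct, key_from_pubkey=True)))
```
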