GnuPG 1.2.3 vulnerable?
Brooks Davis
brooks at one-eyed-alien.net
Tue Dec 2 11:23:19 PST 2003
On Tue, Dec 02, 2003 at 11:16:38AM -0800, Dorin H wrote:
> Hi there,
>
> Is the gpg FreeBSD port vulnerable to ElGamal signing
> key disclosure problem?
> Info:
> http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
The latest commit log says:
*** Security Update (not fix, only workaround) ***
Disable the ability to create signatures using the ElGamal
sign+encrypt (type 20) keys as well as to remove the option
to create such keys.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031202/7c503fc3/attachment.bin
More information about the freebsd-security
mailing list