cvs commit: ports/security/vuxml vuln.xml
Simon L. Nielsen
simon at FreeBSD.org
Wed Aug 3 15:17:10 GMT 2005
On 2005.08.03 07:07:05 -0500, Jacques Vidrine wrote:
> On Aug 3, 2005, at 6:55 AM, Simon L. Nielsen wrote:
> >On 2005.07.31 10:34:00 -0500, Jacques Vidrine wrote:
> >>On Jul 31, 2005, at 8:23 AM, Simon L. Nielsen wrote:
> >>> Document gnupg -- OpenPGP symmetric encryption vulnerability.
> >>>
[...]
> >Doh, I had for some reason not thought of that. It seems like there
> >is p5-Crypt-OpenPGP, security/pgpin, security/pgp, and security/pgp6
> >which are not just frontends.
> >
> >From a quick check of the pgp 2.6.3 docs it seems to also support CFB
> >so I would think it is also vulnerable.
>
> Hmm. The flaw is in the /OpenPGP variant/ of CFB. So I am uncertain
> whether PGP 2 is affected...
I'm not sure at all either - the quick check was merly to see if it
was likely it applied at all.
I'm not really sure what to do here... on one hand I want acurate
information for this entry, on the other hand I think it's a bit of a
waste of time (which could be spent better...) to look to much into
it... Google doesn't really turn anything up about it.
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-ports/attachments/20050803/ed347c2c/attachment.bin
More information about the cvs-ports
mailing list