17 Dec
2003
17 Dec
'03
5:17 p.m.
The bug is that you can add text into a clear-signed message that appears to be real since PGP drops everything before the first empty line. The temporary fix is to only read the output from PGP (since the added text will not be in the output file). The long-term fix will be in 2.6.2, which will hopefully be released next week (a message will go out saying when it has been released). The patch is really too difficult to separate from other patches to post it separately. -derek