ClearSig Bug in PGP?

Derek Atkins warlord at MIT.EDU
Wed Oct 5 10:03:20 PDT 1994

The bug is that you can add text into a clear-signed message that
appears to be real since PGP drops everything before the first empty

The temporary fix is to only read the output from PGP (since the added
text will not be in the output file).

The long-term fix will be in 2.6.2, which will hopefully be released
next week (a message will go out saying when it has been released).
The patch is really too difficult to separate from other patches to
post it separately.


More information about the cypherpunks-legacy mailing list