ClearSig Bug in PGP?
Derek Atkins
warlord at MIT.EDU
Wed Oct 5 10:03:20 PDT 1994
The bug is that you can add text into a clear-signed message that
appears to be real since PGP drops everything before the first empty
line.
The temporary fix is to only read the output from PGP (since the added
text will not be in the output file).
The long-term fix will be in 2.6.2, which will hopefully be released
next week (a message will go out saying when it has been released).
The patch is really too difficult to separate from other patches to
post it separately.
-derek
More information about the cypherpunks-legacy
mailing list