diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4af5a08c4c52..da57b2776139 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -150,6 +150,15 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. response to the submitter, then this does not affect you at all.</p> </blockquote> + <p>Note that the <q>fix</q> in GnuPG does note completely + eliminate the potential problem:</p> + <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html"> + <p>These patches disable a portion of the OpenPGP protocol + that the attack is exploiting. This change should not be + user visible. With the patch in place, this attack will + not work using a public-key encrypted message. It will + still work using a passphrase-encrypted message.</p> + </blockquote> </body> </description> <references> |