openpgp bug

[L. Sassaman]

It appears to be valid, however it is pretty much irrelevant. It requires
the attacker have write access to your private key... and once that
condition is met, there are far easier ways of compromising your system
that are likely to be exploitable.

Maintain a secure TCB, and all is fine.

On Wed, 21 Mar 2001, Karol Pietrzak wrote:

> hello.
> i've recently come across this article:
> http://www.icz.cz/en/onas/tisk4.html
> that describes an openpgp bug (involves secret key).  the
> article states that pgp 7.0.3 and gnupg are affected.  however,
> i have not seen this printed anywhere else.  can someone please
> verify this?
>
> --
> noodlez:   Karol Pietrzak
> GPG/PGP-KeyID: 0x3A1446A0
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

__

L. Sassaman

Security Architect               |     "What's so amazing about
Technology Consultant            |      really deep thoughts?"
                                 |
http://sion.quickie.net          |                  --Tori Amos