GnuPG: remotely controllable function pointer [CVE-2006-6235]
patrick at mozilla-enigmail.org
Sat Dec 9 15:58:48 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Patrick Brunschwig wrote:
> Ludwig Hügelschäfer wrote:
>> Malte Gell wrote on 08.12.2006 14:19 Uhr:
>>> Hm, GnuPG 1.4.5 (unpatched)/KMail 1.8.2 reports invalid signed
>>> message... Maybe my gpg.conf is messed or is this due to changes in
>>>> 1.4.5? Thanx.
>> Enigmail didn't even indicate a signed message :-((
> True yes. I have to find out why ...
Interesting ... I found that Werner's mails are PGP/MIME signed, with
However, according to RFC 3156, this is not valid, the parameter would
have to be as follows, and thus it's not recognized as valid by Enigmail:
Is there a new version of the RFC that I'm not aware of, or is it just a
bug of Werner's mail client? In general, is it a good idea to interpret
the RFC so strictly for this, or is it "better" to be a bit more relaxed?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users