Daniel Kahn Gillmor writes:
>
> Please see the attached patch.
>
>--dkg
>
> From 6d7f5791830c6d3e7607812116e63c866f3c587c Mon Sep 17 00:00:00 2001
> From: Daniel Kahn Gillmor
> Date: Thu, 27 Feb 2025 13:14:08 -0500
> Subject: [PATCH] Accept "key-missing" from a signature from a revoked k
Control: clone 1098951 -1
Control: reassign -1 gpg
Control: found -1 2.2.46-2
Control: found -1 2.4,7-5
Control: notfound -1 2.2.46-1
Control: notfound -1 2.4.7-4
Control: retitle -1 GnuPG: Defense against DoS breaks verification of
signatures from expired or revoked keys
Control: forwarded -1 htt
On Thu, 27 Feb 2025 at 12:59:44 -0500, Daniel Kahn Gillmor wrote:
So this is definitely a change in GnuPG behavior, as reported upstream
at https://dev.gnupg.org/T7547
The same behaviour change also caused a build-time test failure in
src:ostree, https://bugs.debian.org/1098951 /
https://github
Control: tags 1098995 + patch
On Thu 2025-02-27 12:59:44 -0500, Daniel Kahn Gillmor wrote:
> On Wed 2025-02-26 21:44:21 -0500, Daniel Kahn Gillmor wrote:
>
>> GnuPG recently fixed a denial of service for signature verification in
>> the keyring on its master branch: https://dev.gnupg.org/T7527
>>
On Wed 2025-02-26 21:44:21 -0500, Daniel Kahn Gillmor wrote:
> GnuPG recently fixed a denial of service for signature verification in
> the keyring on its master branch: https://dev.gnupg.org/T7527
>
> However, when i backport the fix for this DoS to debian (2.2.46-2), i
> get this failure in the
5 matches
Mail list logo
