From owner-cvs-all@FreeBSD.ORG Wed Aug 3 15:17:10 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B257A16A41F; Wed, 3 Aug 2005 15:17:10 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65E9943D58; Wed, 3 Aug 2005 15:17:09 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id AE88F11B89; Wed, 3 Aug 2005 17:17:07 +0200 (CEST) Date: Wed, 3 Aug 2005 17:17:07 +0200 From: "Simon L. Nielsen" To: Jacques Vidrine Message-ID: <20050803151706.GG851@zaphod.nitro.dk> References: <200507311323.j6VDNoTB070910@repoman.freebsd.org> <0FD8500C-E0DE-4CB2-B7EF-DDCF5A7B754F@vidrine.us> <20050803115540.GF851@zaphod.nitro.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2005 15:17:10 -0000 --aM3YZ0Iwxop3KEKx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.08.03 07:07:05 -0500, Jacques Vidrine wrote: > On Aug 3, 2005, at 6:55 AM, Simon L. Nielsen wrote: > >On 2005.07.31 10:34:00 -0500, Jacques Vidrine wrote: > >>On Jul 31, 2005, at 8:23 AM, Simon L. Nielsen wrote: > >>> Document gnupg -- OpenPGP symmetric encryption vulnerability. > >>> [...] > >Doh, I had for some reason not thought of that. It seems like there > >is p5-Crypt-OpenPGP, security/pgpin, security/pgp, and security/pgp6 > >which are not just frontends. > > > >From a quick check of the pgp 2.6.3 docs it seems to also support CFB > >so I would think it is also vulnerable. >=20 > Hmm. The flaw is in the /OpenPGP variant/ of CFB. So I am uncertain =20 > whether PGP 2 is affected... I'm not sure at all either - the quick check was merly to see if it was likely it applied at all. I'm not really sure what to do here... on one hand I want acurate information for this entry, on the other hand I think it's a bit of a waste of time (which could be spent better...) to look to much into it... Google doesn't really turn anything up about it. --=20 Simon L. Nielsen --aM3YZ0Iwxop3KEKx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC8N/yh9pcDSc1mlERAhN7AJ4nFPdzylDLPpyjlBLitbbXijy/KQCfbWxn d2Wcrnaf5Wm5tykQkaCxbWM= =JPtE -----END PGP SIGNATURE----- --aM3YZ0Iwxop3KEKx--