From owner-freebsd-security@FreeBSD.ORG  Tue Dec  2 11:23:19 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6077416A4CE
	for <freebsd-security@freebsd.org>;
	Tue,  2 Dec 2003 11:23:19 -0800 (PST)
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EA4A943FBF
	for <freebsd-security@freebsd.org>;
	Tue,  2 Dec 2003 11:23:14 -0800 (PST)
	(envelope-from brdavis@odin.ac.hmc.edu)
Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain
	[127.0.0.1])
	by odin.ac.hmc.edu (8.12.10/8.12.3) with ESMTP id hB2JNAA7020197;
	Tue, 2 Dec 2003 11:23:10 -0800
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.12.10/8.12.3/Submit) id hB2JNAiQ020196;
	Tue, 2 Dec 2003 11:23:10 -0800
Date: Tue, 2 Dec 2003 11:23:10 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Dorin H <bj93542@yahoo.com>
Message-ID: <20031202192306.GB1326@Odin.AC.HMC.Edu>
References: <20031202191638.42168.qmail@web12601.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="4SFOXa2GPu3tIq4H"
Content-Disposition: inline
In-Reply-To: <20031202191638.42168.qmail@web12601.mail.yahoo.com>
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu
cc: freebsd-security@freebsd.org
Subject: Re: GnuPG 1.2.3 vulnerable?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2003 19:23:19 -0000


--4SFOXa2GPu3tIq4H
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 02, 2003 at 11:16:38AM -0800, Dorin H wrote:
> Hi there,
>=20
> Is the gpg FreeBSD port vulnerable to ElGamal signing
> key disclosure problem?
> Info:
> http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

The latest commit log says:

	*** Security Update (not fix, only workaround) ***

	Disable the ability to create signatures using the ElGamal
	sign+encrypt (type 20) keys as well as to remove the option
	to create such keys.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--4SFOXa2GPu3tIq4H
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/zOaPXY6L6fI4GtQRAiMQAKCgI9hKWq0IWGQ75OjSBKLz0GX+aACfd99y
vuVRIye9laEEpvPLTbmRCdU=
=pJHx
-----END PGP SIGNATURE-----

--4SFOXa2GPu3tIq4H--