[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: golang-go.crypto / CVE-2019-11841


To completely fix the second part of this CVE I think an API change is necessary.
The API need to return a list of unsigned and signed portions of the message so the application using it can make it visible what parts are signed and what parts are not.
However such a change is large and cannot be done in LTS.

Regarding the security purpose of the hash information I cannot really judge. I think it serves very little function but I could be wrong.


// Ola

On Mon, 7 Sep 2020 at 01:08, Brian May <bam@debian.org> wrote:
Attached is my patch for Stretch, based on the upstream patch.

I am a bit uneasy about applying this and marking CVE-2019-11841 as
fixed, because contrary to what upstream say I don't think
CVE-2019-11841 is actually fixed. From the CVE description:

    [...] However, the Go clearsign package ignores the value of this
    header, which allows an attacker to spoof it. Consequently, an
    attacker can lead a victim to believe the signature was generated
    using a different message digest algorithm than what was actually
    used. [...]

The upstream patch has done nothing to address this.
Brian May <bam@debian.org>

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: