Hi, * Georgi Guninski <guninski@guninski.com> wrote: > On Fri, Sep 23, 2011 at 11:12:17AM +0200, Alexander Neumann wrote: > > * Georgi Guninski <guninski@guninski.com> wrote: > > > i am not sure --check-sigs will fix this. > > I am pretty sure that check-sigs will not fix this :) > this is exactly my point - there is no difference, so --check-sig is > useless. > > sorry for not being clear enough. > > btw, even if vanilla debian is not vulnerable, IMO this should be fixed > or ditched because someone might chose to use the buggy code. Great, I share your opinion, and that is exactly the reason why I reopened this bug. Thanks for reporting! :) Regards, - Alex
Attachment:
pgp_rYSCVgbey.pgp
Description: PGP signature