Bug#642480: (no subject)

To: Georgi Guninski <guninski@guninski.com>, 642480@bugs.debian.org
Subject: Bug#642480: (no subject)
From: Alexander Neumann <alexander@debian.org>
Date: Fri, 23 Sep 2011 11:30:50 +0200
Message-id: <[🔎] 20110923093050.GA30158@hoffentlich.net>
Reply-to: Alexander Neumann <alexander@debian.org>, 642480@bugs.debian.org
In-reply-to: <20110923092729.GC1977@sivokote.iziade.m$>
References: <20110923083720.GA1977@sivokote.iziade.m$> <[🔎] 20110923091217.GA29579@hoffentlich.net> <20110923092729.GC1977@sivokote.iziade.m$>

Hi,

* Georgi Guninski <guninski@guninski.com> wrote:
> On Fri, Sep 23, 2011 at 11:12:17AM +0200, Alexander Neumann wrote:
> > * Georgi Guninski <guninski@guninski.com> wrote:
> > > i am not sure --check-sigs will fix this.
> > I am pretty sure that check-sigs will not fix this :)
> this is exactly my point - there is no difference, so --check-sig is
> useless.
>
> sorry for not being clear enough.
>
> btw, even if vanilla debian is not vulnerable, IMO this should be fixed
> or ditched because someone might chose to use the buggy code.

Great, I share your opinion, and that is exactly the reason why I reopened
this bug.

Thanks for reporting! :)

Regards,
- Alex

Attachment: pgp_rYSCVgbey.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#642480: (no subject)
  - From: Georgi Guninski <guninski@guninski.com>
- Bug#642480: (no subject)
  - From: Georgi Guninski <guninski@guninski.com>

References:
- Bug#642480: (no subject)
  - From: Georgi Guninski <guninski@guninski.com>
- Bug#642480: (no subject)
  - From: Alexander Neumann <alexander@debian.org>
- Bug#642480: (no subject)
  - From: Georgi Guninski <guninski@guninski.com>

Prev by Date: Bug#642480: (no subject)
Next by Date: Bug#642480: (no subject)
Previous by thread: Bug#642480: (no subject)
Next by thread: Bug#642480: (no subject)
Index(es):
- Date
- Thread