+++ This bug was initially created as a clone of Bug #184556 +++
GnuPG incorrect malformed message verification
Tavis Ormandy discovered that it is still possible to trick GnuPG into
incorrectly verifying a signed message.
The patch is here:
This issue also affects RHEL3
This issue also affects RHEL2.1
-- Additional comment from firstname.lastname@example.org on 2006-03-13 09:56 EST --
Created an attachment (id=126039)
This reproducer was given to us by Gentoo.
In order to reproduce this issue on RHEL, the --ignore-crc-error option must be
given to gpg. This also mitigates the usefulness of this issue on RHEL.