Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: Olaf Seibert <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 08/02/2002 15:08:16
On Fri, Aug 02, 2002 at 05:07:53PM +0200, Olaf Seibert wrote:
> On Fri 02 Aug 2002 at 09:57:28 -0400, NetBSD Security Officer wrote:
> | [-- PGP output follows (current time: Fri Aug 2 17:04:41 2002) --]
> | gpg: Warning: using insecure memory!
> | gpg: Signature made Thu Aug 1 15:37:30 2002 CEST using RSA key ID F8376205
> | gpg: BAD signature from "email@example.com"
> | [-- End of PGP output --]
> | [-- BEGIN PGP SIGNED MESSAGE --]
> > NetBSD Security Advisory 2002-009
> > =================================
> > Topic: Multiple vulnerabilities in OpenSSL code
> This happens with gpg and pgp5 (both far from the latest version no
> doubt). The other advisories sent out today also had bad signatures.
> Earlier signed messages from firstname.lastname@example.org (with the same
> key), such as "NetBSD Security Advisory 2002-006" were ok.
My goof. I didn't mark them -kb in cvs.
The copies on the ftp site and the ones that went to bugtraq are
We'll use this to see how many people check sigs ;-)
David Maxwell, email@example.comfirstname.lastname@example.org -->
All this stuff in twice the space would only look half as bad!