Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: David Maxwell , Olaf Seibert <firstname.lastname@example.org>
From: Ignatios Souvatzis <email@example.com>
Date: 08/02/2002 22:11:12
On Fri, Aug 02, 2002 at 03:08:16PM -0400, David Maxwell wrote:
> On Fri, Aug 02, 2002 at 05:07:53PM +0200, Olaf Seibert wrote:
> > On Fri 02 Aug 2002 at 09:57:28 -0400, NetBSD Security Officer wrote:
> > | [-- PGP output follows (current time: Fri Aug 2 17:04:41 2002) --]
> > | gpg: Warning: using insecure memory!
> > | gpg: Signature made Thu Aug 1 15:37:30 2002 CEST using RSA key ID F8376205
> > | gpg: BAD signature from "firstname.lastname@example.org"
> > ^^^
> > |
> > | [-- End of PGP output --]
> > |
> > | [-- BEGIN PGP SIGNED MESSAGE --]
> > >
> > > NetBSD Security Advisory 2002-009
> > > =================================
> > >
> > > Topic: Multiple vulnerabilities in OpenSSL code
> > This happens with gpg and pgp5 (both far from the latest version no
> > doubt). The other advisories sent out today also had bad signatures.
> > Earlier signed messages from email@example.com (with the same
> > key), such as "NetBSD Security Advisory 2002-006" were ok.
> My goof. I didn't mark them -kb in cvs.
> The copies on the ftp site and the ones that went to bugtraq are
> We'll use this to see how many people check sigs ;-)
I'd auto-check them if they had proper PGP/MIME headers...
seal your e-mail: http://www.gnupg.org/