Subject: Re: NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
To: Olaf Seibert <rhialto@polderland.nl>
From: David Maxwell <david@vex.net>
List: tech-security
Date: 08/02/2002 15:08:16
On Fri, Aug 02, 2002 at 05:07:53PM +0200, Olaf Seibert wrote:
> On Fri 02 Aug 2002 at 09:57:28 -0400, NetBSD Security Officer wrote:
> | [-- PGP output follows (current time: Fri Aug 2 17:04:41 2002) --]
> | gpg: Warning: using insecure memory!
> | gpg: Signature made Thu Aug 1 15:37:30 2002 CEST using RSA key ID F8376205
> | gpg: BAD signature from "security-officer@netbsd.org"
>
> ^^^
> |
> | [-- End of PGP output --]
> |
> | [-- BEGIN PGP SIGNED MESSAGE --]
> >
> > NetBSD Security Advisory 2002-009
> > =================================
> >
> > Topic: Multiple vulnerabilities in OpenSSL code
>
> This happens with gpg and pgp5 (both far from the latest version no
> doubt). The other advisories sent out today also had bad signatures.
>
> Earlier signed messages from security-officer@netbsd.org (with the same
> key), such as "NetBSD Security Advisory 2002-006" were ok.
My goof. I didn't mark them -kb in cvs.
The copies on the ftp site and the ones that went to bugtraq are
correct.
We'll use this to see how many people check sigs ;-)
--
David Maxwell, david@vex.net|david@maxwell.net -->
All this stuff in twice the space would only look half as bad!
- me