[colug-432] GPG/PGP vulnerability

Judd Montgomery judd at engineer.com
Tue May 15 13:24:37 EDT 2018


On 5/15/18 11:46 AM, Rick Hornsby wrote:
>
> On May 14, 2018 at 6:29:13 PM, Roberto C. Sánchez 
> (roberto at connexer.com <mailto:roberto at connexer.com>) wrote:
>> On Mon, May 14, 2018 at 02:26:16PM -0700, Rick Hornsby wrote:
>> >
>> > It feels like we’re dealing with the same thing. Unless GPG has 
>> some kind
>> > of code exploitation bug or built-in scripting engine that’s being 
>> abused,
>> > I’m having difficulty finding fault with GPG here.
>> >
>> I agree. EFF's reaction to this and their recommendation seem far off
>> base and out of step with what I have come to expect of them. Anybody
>> who is serious about security is already aware of the dangers of HTML
>> (you summarized the issues nicely in your message, though I did not
>> quote it here).
I agree.  CERT seems to have it right and calls it an email client 
vulnerability.

https://www.kb.cert.org/vuls/id/122919

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20180515/a313a5c7/attachment.html 


More information about the colug-432 mailing list