[Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)
Panu Matilainen
notifications at github.com
Tue Jun 15 13:28:28 UTC 2021
> Do not allow extra packets to follow a signature
>
> It substantially increases RPM’s attack surface, and there are no legitimate reasons for such packets to be present. None of the packages in either the Fedora 25 or Fedora 32 repositories have them.
Please point me to the section in RFC-4880 which this is based on.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1677#issuecomment-861497835
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210615/83a36508/attachment.html>
More information about the Rpm-maint
mailing list