-
|
Dear gopenpgp devs, was the security issue fixed in 2.6.1 introduced in 2.6.0 or is it also present in 2.5.x? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Hey 👋 It was there for a while, including in 2.5.x. However, note that the impact of the issue was "merely" that parsing untrusted input could cause a panic (which is of course still bad) - this was marked as a security issue because of the potential for denial of service attacks, there were no other security implications beyond that. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you very much for the clarification. I think I'm going to check whether it makes sense to fix these issues in Debian Bookworm. |
Beta Was this translation helpful? Give feedback.
-
|
No problem! And yes, indeed 👍 |
Beta Was this translation helpful? Give feedback.
Hey 👋 It was there for a while, including in 2.5.x. However, note that the impact of the issue was "merely" that parsing untrusted input could cause a panic (which is of course still bad) - this was marked as a security issue because of the potential for denial of service attacks, there were no other security implications beyond that.