Comment Some facts about the flaw (Score 2, Informative) 151
In an effort to inject some facts here:
- This does not apply to signed software tarballs (like the Linux kernel)
- This does not apply to PGP/MIME signed email messages (a la mutt, Enigmail, etc)
- This does not apply to clearsigned email messages (a la everything else)
This applies to a very specific case where a message is constructed by hand with multiple data packets and a single signature packet, so:
- It might apply to PGP/MIME signed+encrypted email messages.
- It might apply to sign+encrypted messages in general.
- It might apply to unencrypted-but-binary-signed messages (essentially signed+encrypted without the encryption - generally not used much).
I say "might" as in all of these cases it depends on how GnuPG is called.
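The message shape described in the comment above (multiple data packets with a single signature packet) can be recognised by walking the OpenPGP packet headers. This is an added example, not part of the original comment and not GnuPG code; the function names are hypothetical. It assumes a binary (non-armored) message and inspects only the outer packet sequence, so packets inside compressed or encrypted containers are not seen.

```python
# Added example: walk OpenPGP packet headers (RFC 4880, section 4.2) and
# flag a message that carries more than one literal data packet.
LITERAL, SIGNATURE, ONE_PASS_SIG = 11, 2, 4

def _header(buf, i):
    """Return (tag, body_start, body_len) for the packet header at offset i."""
    first = buf[i]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[i + 1]
        if o1 < 192:                                  # one-octet length
            return tag, i + 2, o1
        if o1 < 224:                                  # two-octet length
            return tag, i + 3, ((o1 - 192) << 8) + buf[i + 2] + 192
        if o1 == 255:                                 # five-octet length
            return tag, i + 6, int.from_bytes(buf[i + 2:i + 6], "big")
        raise ValueError("unsupported: partial body length")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        raise ValueError("unsupported: indeterminate length")
    width = 1 << ltype                                # 1, 2 or 4 length octets
    return tag, i + 1 + width, int.from_bytes(buf[i + 1:i + 1 + width], "big")

def packet_tags(buf):
    """List the tags of the top-level packets in a binary OpenPGP message."""
    tags, i = [], 0
    while i < len(buf):
        try:
            tag, start, length = _header(buf, i)
        except IndexError:
            raise ValueError("truncated packet header") from None
        if start + length > len(buf):
            raise ValueError("truncated packet body")
        tags.append(tag)
        i = start + length
    return tags

def has_extra_literal_data(buf):
    """True when more than one literal data packet appears at top level."""
    return packet_tags(buf).count(LITERAL) > 1

def _pkt(tag, body):          # builds constructed sample packets (body < 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed inputs: bodies are dummies, not valid signatures.
_lit = lambda data: _pkt(LITERAL, b"b\0" + b"\0" * 4 + data)
normal = _pkt(ONE_PASS_SIG, b"\0" * 13) + _lit(b"signed") + _pkt(SIGNATURE, b"\0" * 10)
suspect = _lit(b"extra") + normal
```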