Hi

To completely fix the second part of this CVE I think an API change is necessary. The API needs to return a list of unsigned and signed portions of the message so the application using it can make it visible what parts are signed and what parts are not. However such a change is large and cannot be done in LTS.

Regarding the security purpose of the hash information I cannot really judge. I think it serves very little function but I could be wrong.

Cheers

// Ola

On Mon, 7 Sep 2020 at 01:08, Brian May <[email protected]> wrote:

> Attached is my patch for Stretch, based on the upstream patch.
>
> I am a bit uneasy about applying this and marking CVE-2019-11841 as
> fixed, because contrary to what upstream say I don't think
> CVE-2019-11841 is actually fixed. From the CVE description:
>
> [...] However, the Go clearsign package ignores the value of this
> header, which allows an attacker to spoof it. Consequently, an
> attacker can lead a victim to believe the signature was generated
> using a different message digest algorithm than what was actually
> used. [...]
>
> The upstream patch has done nothing to address this.
> --
> Brian May <[email protected]>
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  [email protected]                    [email protected]            |
|  http://inguza.com/        Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
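An added illustration of the API shape proposed in the reply above (a list of signed and unsigned portions, plus the `Hash:` header the CVE text says is ignored); it is not code from the Go clearsign package or from either poster. The names `Part`, `Split` and `sample` are hypothetical, the sample message is constructed, and the code labels regions by framing only and verifies no signature.

```go
package main

import (
	"fmt"
	"strings"
)

// Part is a hypothetical result type: one region of the input.
type Part struct {
	Signed bool // true if inside the cleartext-signature framing
	Text   string
}
// Constructed sample: framing only, no real signature data.
const sample = "Pay Mallory 100\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" +
	"Pay Bob 5\n- -- Alice\n-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n-----END PGP SIGNATURE-----\nP.S. also pay Eve\n"

// Split (hypothetical) labels regions and returns the Hash headers as claimed; it verifies nothing.
func Split(input string) (parts []Part, claimedHash []string) {
	state, buf := 0, []string(nil) // 0 outside, 1 headers, 2 body, 3 signature
	flush := func(signed bool) {
		if t := strings.Join(buf, "\n"); strings.TrimSpace(t) != "" {
			parts = append(parts, Part{signed, t})
		}
		buf = nil
	}
	for _, line := range strings.Split(input, "\n") {
		switch {
		case state == 0 && line == "-----BEGIN PGP SIGNED MESSAGE-----":
			flush(false)
			state = 1
		case state == 0:
			buf = append(buf, line)
		case state == 1 && strings.HasPrefix(line, "Hash: "):
			claimedHash = append(claimedHash, line[len("Hash: "):])
		case state == 1 && line == "":
			state = 2
		case state == 2 && line == "-----BEGIN PGP SIGNATURE-----":
			flush(true)
			state = 3
		case state == 2:
			buf = append(buf, strings.TrimPrefix(line, "- ")) // undo dash-escaping
		case state == 3 && line == "-----END PGP SIGNATURE-----":
			state = 0
		}
	}
	flush(false) // an unterminated body is reported as unsigned
	return parts, claimedHash
}

func main() { fmt.Println(Split(sample)) }
```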
