to golang-...@googlegroups.com
Hello gophers,
The golang.org/x/crypto/openpgp/clearsign package used to accept messages with arbitrary headers in the SIGNED MESSAGE section. While that content would not be part of the returned Plaintext, and therefore not verified, a human observer could be led to believe it was part of the signed message.
This was reported by Aida Mynzhasova of SEC Consult Vulnerability Lab.
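
A check that a caller could run before displaying a clearsigned message, as an added example (not code from golang.org/x/crypto or from this announcement). Under RFC 4880 section 7, only "Hash" armor headers are expected between the BEGIN PGP SIGNED MESSAGE line and the first empty line, so the function reports any other line found there. The function name and the sample messages are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

const beginMarker = "-----BEGIN PGP SIGNED MESSAGE-----"

// Constructed sample inputs; the signature blocks are omitted because
// only the header section is inspected here.
const sampleClean = beginMarker + "\nHash: SHA256\n\nhello\n"
const sampleSuspect = beginMarker + "\nHash: SHA256\nComment: constructed extra header\n\nhello\n"

// unexpectedHeaders (hypothetical helper) returns every line of the
// clearsign header section that is not a "Hash" armor header. Such lines
// are shown to a reader but are not part of the verified plaintext.
func unexpectedHeaders(msg string) ([]string, error) {
	sc := bufio.NewScanner(strings.NewReader(msg))
	inHeaders := false
	var bad []string
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), " \t\r")
		switch {
		case !inHeaders:
			// Skip everything up to the cleartext header line.
			inHeaders = line == beginMarker
		case line == "":
			// The first empty line ends the header section.
			return bad, nil
		case !strings.HasPrefix(line, "Hash: "):
			bad = append(bad, line)
		}
	}
	return nil, errors.New("no terminated clearsign header section found")
}

func main() {
	for _, m := range []string{sampleClean, sampleSuspect} {
		bad, err := unexpectedHeaders(m)
		fmt.Printf("unexpected=%q err=%v\n", bad, err)
	}
}
```

A non-empty result means the message should be rejected or flagged rather than shown to a person as signed content.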