Re: Libgcrypt and GnuPG 1.4 RNG output prediction

[Solar Designer <solar () openwall com>]

Here's what Werner wrote in that message, regarding the CVE ID:
> Sorry, that was my typo.  It is correct in the NEWS files and the commit
> messages.
>
> The reseachers forwarded me a mail with the CVE but I have not been put
> the loop, neither from RedHat, nor from Debian (as they usually do).

More interesting are these tweets:

<@gnupg> @hanno They will present their paper at http://CCS2016.org.  A preprint can now be found here: 
http://formal.iti.kit.edu/~klebanov/
<gnupg> The paper about the Libgcrypt RNG bug has meanwhile been 
published:\nhttp://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf

On Thu, Aug 18, 2016 at 05:37:20PM +0100, Andrew Gallagher wrote:
> Werner used PGP/MIME, but something appears to have deleted the first
> mime-boundary, rendering the message unparseable. If you view the
> source you can see the plaintext, but MIME mail clients (including the
> openwall mailing list archive) can't.

Yes, unfortunately.  I investigated this yesterday, and it appears to be
a long-standing bug in ezmlm-idx (hopefully already patched in newer
versions, but I didn't check), which is triggered by Gnus, depending on
a combination of settings on both sides - specifically, when a MIME
section does not include a Content-Type header, yet the list is
configured to remove sections with some MIME types.  The MIME type
should then default to text/plain, and the section preserved, but
ezmlm-idx would forget to set a flag indicating that such section is OK
to keep.  I think I've patched this on the server now, but I didn't
test.  Previous discoveries of the bug:

https://lists.oasis-open.org/archives/docbook/200402/msg00068.html
https://web.archive.org/web/20051201155347/http://www.csi.hu/mw/ezmlm-idx_mimeremove_bug.txt
http://osdir.com/ml/mail.ezmlm/2002-07/msg00016.html

Alexander