Realloc bug discovered in app-crypt/gnupg-2.*, could potentially be exploited, though no exploit is yet known, according to the post by gnupg authors. Quote: >All applications using GnuPG's GPGSM tool to process S/MIME messages >or manage X.509 certificates are affected. The bug exists in all >versions of GnuPG including the recently released GnuPG 2.0.16. >GPG (i.e. OpenPGP) is NOT affected. >GnuPG 1.x is NOT affected because it does not come with the GPGSM >tool. >An exploit is not yet known but it can't be ruled out for sure that >the problem has not already been identified by some dark forces. Reproducible: Always Steps to Reproduce: ...
*** This bug has been marked as a duplicate of bug 329583 ***
Oops sry ... was posted some minutes earlier by cilly when I was reading and typing report ;)