| Summary: | app-crypt/gnupg buffer overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | crypto+disabled, tcort |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502 | | |
| Whiteboard: | B1 [glsa] DerCorny | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-07-31 00:58:58 UTC
Actually, 1.9.20-r3 is stable on almost all arches; I also remember we dropped the last "--no-armor" vulnerability (#137622), but impact is high this time and might thus call for masking.

Added 1.4.5rc1. This seems to fix the vulnerability HOWEVER please wait until full release before stabilising. It shouldn't be that long and big ugly "THIS IS A DEVELOPMENT VERSION!" warnings will put people off.

```
$ gpg --version
gpg (GnuPG) 1.4.5rc1-ecc0.1.6
$ perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: using character set `iso-8859-1'
gpg: packet(61) too large
```

(In reply to comment #2)
> Added 1.4.5rc1. This seems to fix the vulnerability HOWEVER please wait until
> full release before stabilising. It shouldn't be that long and big ugly "THIS
> IS A DEVELOPMENT VERSION!" warnings will put people off.

Indeed, 1.4.5 has been released. Please do your magic again, thanks

1.4.5 magic done.

x86 stable, the mentioned perl command doesn't crash it, and the common functionality checks out OK.

ppc64 stable

This could be considered B1 since feeding emails to gpg is somewhat automated.

(In reply to comment #7)
> This could be considered B1 since feeding emails to gpg is somewhat automated.

I agree

sparc stable.

alpha stable.

Rerating according to comment #7 and #8.

ppc stable

Stable on hppa. Sorry for the delay.

amd64 stable

GLSA 200608-08

arm, ia64, mips, s390 don't forget to mark stable to benefit from the GLSA.

Does not affect current (2008.0) release. Removing release.