Summary: | <app-crypt/gpgme-{1.3.2-r1,1.4.4,1.5.1}: heap-based buffer overflow in gpgsm status handler (CVE-2014-3564) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | crypto+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2014/q3/266 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2014-07-31 08:56:09 UTC
This is also fixed in gpgme 1.4.4 that has also been released. To recap: Fixed versions are: 1.4.4 and 1.5.1.

+ 31 Jul 2014; Kristian Fiskerstrand <k_f@gentoo.org> +gpgme-1.4.4.ebuild, + +gpgme-1.5.1.ebuild: + Version bump to 1.4.4 and 1.5.1 due to security bug #518646 (CVE-2014-3564) + 31 Jul 2014; Kristian Fiskerstrand <k_f@gentoo.org> + +files/gpgme-1.3.2-CVE-2014-3564.patch, +gpgme-1.3.2-r1.ebuild: + Revbump with backported patch for security bug #518646 (CVE-2014-3564)

Arches, please stabilize: =app-crypt/gpgme-1.3.2-r1
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable on alpha.

amd64 stable

x86 stable

arm stable

ia64/sparc stable

Stable for HPPA.

ppc stable

ppc64 stable. Maintainer(s), please cleanup. Security, please vote.

Cleanup done.

+ 09 Aug 2014; Kristian Fiskerstrand <k_f@gentoo.org> -gpgme-1.3.0-r1.ebuild, + -gpgme-1.3.1.ebuild, -gpgme-1.3.2.ebuild, -gpgme-1.4.3.ebuild, + -gpgme-1.5.0.ebuild: + Cleanup old versions for security bug #518646

GLSA vote: no.

NO too, closing.