| Summary: | <app-crypt/gpgme-{1.3.2-r1,1.4.4,1.5.1}: heap-based buffer overflow in gpgsm status handler (CVE-2014-3564) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | crypto+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://seclists.org/oss-sec/2014/q3/266 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
This is also fixed in gpgme 1.4.4 that has also been released. To recap: Fixed versions are: 1.4.4 and 1.5.1. + 31 Jul 2014; Kristian Fiskerstrand <k_f@gentoo.org> +gpgme-1.4.4.ebuild, + +gpgme-1.5.1.ebuild: + Version bump to 1.4.4 and 1.5.1 due to security bug #518646 (CVE-2014-3564) + 31 Jul 2014; Kristian Fiskerstrand <k_f@gentoo.org> + +files/gpgme-1.3.2-CVE-2014-3564.patch, +gpgme-1.3.2-r1.ebuild: + Revbump with backported patch for security bug #518646 (CVE-2014-3564) Arches, please stabilize: =app-crypt/gpgme-1.3.2-r1 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Stable on alpha. amd64 stable x86 stable arm stable ia64/sparc stable Stable for HPPA. ppc stable ppc64 stable. Maintainer(s), please cleanup. Security, please vote. Cleanup done. + 09 Aug 2014; Kristian Fiskerstrand <k_f@gentoo.org> -gpgme-1.3.0-r1.ebuild, + -gpgme-1.3.1.ebuild, -gpgme-1.3.2.ebuild, -gpgme-1.4.3.ebuild, + -gpgme-1.5.0.ebuild: + Cleanup old versions for security bug #518646 GLSA vote: no. NO too, closing. |
From ${URL}: "Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has provided a very good bug report in [1], so I'll refrain from copy and pasting it here. This is now fixed in version 1.5.1, the commit fixing this is linked in [2]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267 [2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77"