We are pleased to announce the availability of a new stable GnuPG-1
release: Version 1.4.9. This is a maintenance release to fix a possible
vulnerability introduced with 1.4.8.
This bug is also present in 2.0.8 and was fixed with 2.0.9. Both 1.4.8 and 2.0.8 are ~arch only, so please do not move them to stable. A bump for ~arch would be required.
2008-03-25 David Shaw <firstname.lastname@example.org> (wk)
* import.c (collapse_uids): Fix bug 894: possible memory
corruption around deduplication of user IDs.
Patch in trunk:
svn diff -r4712:4713 svn://cvs.gnupg.org/gnupg/trunk/g10/import.c
Thanks, no GLSA for ~arch packages.
*** Bug 215782 has been marked as a duplicate of this bug. ***