Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 329587 - Realloc bug discovered in app-crypt/gnupg-2.*
Summary: Realloc bug discovered in app-crypt/gnupg-2.*
Status: RESOLVED DUPLICATE of bug 329583
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://lists.gnupg.org/pipermail/gnup...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-23 14:24 UTC by Oliver Sucker
Modified: 2010-07-23 15:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Sucker 2010-07-23 14:24:05 UTC
Realloc bug discovered in app-crypt/gnupg-2.*, could potentially be exploited, though no exploit is yet known, according to the post by gnupg authors.

Quote:
>All applications using GnuPG's GPGSM tool to process S/MIME messages
>or manage X.509 certificates are affected.  The bug exists in all
>versions of GnuPG including the recently released GnuPG 2.0.16.

>GPG (i.e. OpenPGP) is NOT affected.

>GnuPG 1.x is NOT affected because it does not come with the GPGSM
>tool.

>An exploit is not yet known but it can't be ruled out for sure that
>the problem has not already been identified by some dark forces.


Reproducible: Always

Steps to Reproduce:
...
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-07-23 15:17:50 UTC

*** This bug has been marked as a duplicate of bug 329583 ***
Comment 2 Oliver Sucker 2010-07-23 15:27:15 UTC
Oops sry ... was posted some minutes earlier by cilly when I was reading and typing report ;)