From ${URL} : A flaw was discovered in pgpdump. When pgpdump is run on specially crafted input, a Denial-of-Service condition occurs. The program runs with 100% CPU usage for an indefinite amount of time. External references: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt References: http://seclists.org/bugtraq/2016/Apr/99 Upstream fix: https://github.com/kazu-yamamoto/pgpdump/pull/16 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Version bumped. amd64 x86 ppc sparc: Please stabilize
amd64 stable
x86 stable
ppc stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
CVE-2016-4021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4021): The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
GLSA Vote: No @maintainer(s), please cleanup.
Cleaned.