Date: Tue, 24 Jun 2014 05:53:28 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Cc: wk@...pg.org Subject: Re: CVE request: GnuPG-1 On Tue, Jun 24, 2014 at 05:36:15AM +0000, mancha wrote: > GnuPG 1.4.17 released on 20140623  fixes a security flaw, reported by > Olivier Levillain and Florian Maury, that can be exploited via crafted > input to cause a denial of service by triggering an infinite loop . > > Please allocate a CVE identifier for this issue. > > Many thanks. > > --mancha > >  http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html >  http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8 This issue has also been corrected in the GnuPG-2 branch  though there is not yet a point release which includes the fix. Contrary to my subject line, the CVE request is for both GnuPG 1 & 2.  http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb1 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ