Date: Tue, 24 Jun 2014 05:53:28 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Cc: wk@...pg.org
Subject: Re: CVE request: GnuPG-1

On Tue, Jun 24, 2014 at 05:36:15AM +0000, mancha wrote:
> GnuPG 1.4.17 released on 20140623 [1] fixes a security flaw, reported by
> Olivier Levillain and Florian Maury, that can be exploited via crafted
> input to cause a denial of service by triggering an infinite loop [2].
> 
> Please allocate a CVE identifier for this issue.
> 
> Many thanks.
> 
> --mancha
> 
> [1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
> [2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8

This issue has also been corrected in the GnuPG-2 branch [3] though
there is not yet a point release which includes the fix. Contrary to my
subject line, the CVE request is for both GnuPG 1 & 2.

[3] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb1

