Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Jun 2014 05:53:28 +0000
From: mancha <>
Subject: Re: CVE request: GnuPG-1

On Tue, Jun 24, 2014 at 05:36:15AM +0000, mancha wrote:
> GnuPG 1.4.17 released on 20140623 [1] fixes a security flaw, reported by
> Olivier Levillain and Florian Maury, that can be exploited via crafted
> input to cause a denial of service by triggering an infinite loop [2].
> Please allocate a CVE identifier for this issue.
> Many thanks.
> --mancha
> [1]
> [2];a=commitdiff;h=11fdfcf82bd8

This issue has also been corrected in the GnuPG-2 branch [3] though
there is not yet a point release which includes the fix. Contrary to my
subject line, the CVE request is for both GnuPG 1 & 2.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ