Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 31 Jul 2014 10:47:06 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status
 handler

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has
provided a very good bug report in [1], so I'll refrain from copy
and pasting it here.

This is now fixed in version 1.5.1, the commit fixing this is linked in
[2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267
[2]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

Thanks,
- -- 
Stefan Cornelius / Red Hat Product Security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJT2gKUAAoJEETwiYCjVSmPvvkIAIrxlBpsXTV51esgDCt5j4PE
fBdjTLxAU9YJ7yZOUcZSsS3I8VHMvkHTZ8zeoPWAsLGU9Us/N7JboIXZhtgUJBLd
qypxeVwiA08WfOLD30STDUwwbQSgScHsf/7vrljzaXJmvlRsph4AcR/x9lWhuRJv
/3d9XrbIC9i0BOhcUcJKcwByLk7076mFTaJAWAqbLwHdqbAszKzLhBZMvUmXk3zN
5HJtFR4+7qWVdot70T41ssYxn8bYfPYsuoCuYcFdwcJ3LkR0c7n9uf1zn6g1rdvU
WbzsMYml2lVan+w1l9o7BFo/9j5zhk3q5t8Nf6q0ghuk51DL6pxBNYtPiWByUUo=
=LafS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ