Date: Thu, 31 Jul 2014 10:47:06 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler

Hi,

Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has
provided a very good bug report in [1], so I'll refrain from copying
and pasting it here.

This is now fixed in version 1.5.1, the commit fixing this is linked in
[2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

Thanks,
- -- 
Stefan Cornelius / Red Hat Product Security
