Package: gnupg2
Version: 2.0.14
Severity: important
Control: tags -1 + patch
Control: forwarded -1 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=0aac920f23fd07e152fdb7385299c92bb9a4ade3
Control: clone -1 -2
Control: reassign -2 gnupg
Control: found -2 1.4.10
Control: fixed -1 2.1.3-1

Someone who can send a bad secret key packet to a user of gnupg can cause gpg itself to crash.

Due to the missing length checks PKTLEN may turn negative. Because PKTLEN is an unsigned int the malloc in read_rest would try to malloc a too large number and terminate the process with "error reading rest of packet: Cannot allocate memory".

Patches are available for the 2.0 branch:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=0aac920f23fd07e152fdb7385299c92bb9a4ade3

and the 1.4 branch:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=506eb6fec67f170827777f2f44ced6f50745a0ad

--dkg
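
The length accounting described in the report, as an added example that is not part of the original message and is not GnuPG's code. It is a simplified model: FIXED_FIELDS, rest_len_unchecked, rest_len_checked and the max_rest cap are hypothetical names and assumptions of this example.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical fixed-size fields consumed before the variable-length rest
   of the packet: 1 byte version + 4 bytes timestamp + 1 byte algorithm. */
#define FIXED_FIELDS 6ul

/* Unchecked accounting: subtracts without asking whether the declared
   packet length covers the fields. For pktlen < FIXED_FIELDS the unsigned
   result wraps to a huge value that would then be handed to malloc. */
static unsigned long rest_len_unchecked(unsigned long pktlen)
{
    pktlen -= FIXED_FIELDS;
    return pktlen;
}

/* Checked accounting: reject the packet before the subtraction can wrap.
   The max_rest cap is an extra guard assumed by this example (it must not
   exceed LONG_MAX). Returns the remaining length, or -1 if malformed. */
static long rest_len_checked(unsigned long pktlen, unsigned long max_rest)
{
    if (pktlen < FIXED_FIELDS)
        return -1;                 /* declared length too short */
    pktlen -= FIXED_FIELDS;
    if (pktlen > max_rest)
        return -1;                 /* implausibly large remainder */
    return (long)pktlen;
}

int main(void)
{
    /* Constructed declared packet lengths: too short, exact, normal. */
    unsigned long lens[] = { 2, 6, 40 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        long rest = rest_len_checked(lens[i], 65536ul);
        printf("pktlen=%lu unchecked_rest=%lu checked=", lens[i],
               rest_len_unchecked(lens[i]));
        if (rest < 0)
            printf("rejected\n");
        else
            printf("%ld\n", rest);
    }
    return 0;
}
```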