Package: gnupg
Version: 1.4.12-6
Followup-For: Bug #697108

Attaching proposed debdiff. Would do an NMU to fix the problem upon permission.

Cheers,
Adrian

diff -Nru gnupg-1.4.12/debian/changelog gnupg-1.4.12-CVE-2012-6085/debian/changelog --- gnupg-1.4.12/debian/changelog 2012-10-14 12:11:27.000000000 +0200 +++ gnupg-1.4.12-CVE-2012-6085/debian/changelog 2013-01-02 20:45:48.964482443 +0100 @@ -1,3 +1,10 @@ +gnupg (1.4.12-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix key import memory corruption CVE-2012-6085 (Closes: #697108). + + -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> Wed, 02 Jan 2013 20:44:59 +0100 + gnupg (1.4.12-6) unstable; urgency=low * debian/patches/685627_french_translation_update.patch: Adjusted. diff -Nru gnupg-1.4.12/debian/patches/CVE-2012-6085.patch gnupg-1.4.12-CVE-2012-6085/debian/patches/CVE-2012-6085.patch --- gnupg-1.4.12/debian/patches/CVE-2012-6085.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnupg-1.4.12-CVE-2012-6085/debian/patches/CVE-2012-6085.patch 2013-01-02 20:44:13.662944782 +0100 
@@ -0,0 +1,62 @@ +From f795a0d59e197455f8723c300eebf59e09853efa Mon Sep 17 00:00:00 2001 +From: Werner Koch <w...@gnupg.org> +Date: Thu, 20 Dec 2012 09:43:41 +0100 +Subject: [PATCH] Import only packets which are allowed in a keyblock. + +* g10/import.c (valid_keyblock_packet): New. +(read_block): Store only valid packets. +-- + +A corrupted key, which for example included a mangled public key +encrypted packet, used to corrupt the keyring. This change skips all +packets which are not allowed in a keyblock. + +GnuPG-bug-id: 1455 +--- + g10/import.c | 23 ++++++++++++++++++++++- + 1 files changed, 22 insertions(+), 1 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 21ada41..90fc2d6 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -343,6 +343,27 @@ import_print_stats (void *hd) + } + + ++/* Return true if PKTTYPE is valid in a keyblock. */ ++static int ++valid_keyblock_packet (int pkttype) ++{ ++ switch (pkttype) ++ { ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_SIGNATURE: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_RING_TRUST: ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++ + /**************** + * Read the next keyblock from stream A. + * PENDING_PKT should be initialzed to NULL +@@ -420,7 +441,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) + } + in_cert = 1; + default: +- if( in_cert ) { ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { + if( !root ) + root = new_kbnode( pkt ); + else +-- +1.7.2.5 + diff -Nru gnupg-1.4.12/debian/patches/series gnupg-1.4.12-CVE-2012-6085/debian/patches/series --- gnupg-1.4.12/debian/patches/series 2012-08-26 11:29:35.000000000 +0200 +++ gnupg-1.4.12-CVE-2012-6085/debian/patches/series 2013-01-02 20:44:47.550069361 +0100 @@ -1 +1,2 @@ 685627_french_translation_update.patch +CVE-2012-6085.patch
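
Review bot: in the debian/changelog hunk, the new 1.4.12-6.1 entry sets urgency=low although its own text describes a memory corruption fix carrying a CVE id. Consider a higher urgency so the upload is not held back, and name the added file (debian/patches/CVE-2012-6085.patch) in the entry, the way the 1.4.12-6 entry below it names 685627_french_translation_update.patch.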
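
Review bot: in the g10/import.c hunk at @@ -343,6 +343,27 @@, the comment on valid_keyblock_packet says only that the type "is valid in a keyblock" and gives no rationale for the allow-list. PKT_RING_TRUST is accepted alongside the key, signature, user ID and attribute types, so the comment should state whether trust packets are meant to be stored from imported input or are merely tolerated. A one-line note that the default branch rejects every other type, including any added later, would also make the fail-closed intent explicit.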
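
Review bot: in the read_block hunk at @@ -420,7 +441,7 @@, a packet for which valid_keyblock_packet returns 0 is now skipped silently, and the visible context does not show what happens to pkt on that path. Please confirm the rejected packet's contents are released before pkt is reused for the next parse, and consider a verbose log line naming the skipped pkt->pkttype so that a mangled key is noticed at import time. Minor style point: the changed line uses "if (" spacing while the neighbouring "if( !root )" keeps the file's older style.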