Package: gnupg
Version: 1.4.12-6
Followup-For: Bug #697108

Attaching proposed debdiff. Would do an NMU to fix the problem
upon permission.

Cheers,

Adrian
diff -Nru gnupg-1.4.12/debian/changelog gnupg-1.4.12-CVE-2012-6085/debian/changelog
--- gnupg-1.4.12/debian/changelog	2012-10-14 12:11:27.000000000 +0200
+++ gnupg-1.4.12-CVE-2012-6085/debian/changelog	2013-01-02 20:45:48.964482443 +0100
@@ -1,3 +1,10 @@
+gnupg (1.4.12-6.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix key import memory corruption CVE-2012-6085 (Closes: #697108).
+
+ -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de>  Wed, 02 Jan 2013 20:44:59 +0100
+
 gnupg (1.4.12-6) unstable; urgency=low
 
   * debian/patches/685627_french_translation_update.patch: Adjusted.
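Review bot: the new 1.4.12-6.1 entry is marked urgency=low although its only change is a fix for a memory corruption issue with a CVE assigned; consider raising the urgency so the upload is not held back behind the normal delay. The entry could also name the file it adds, for example "debian/patches/CVE-2012-6085.patch: Import only packets which are allowed in a keyblock", so that the changelog matches the style of the 1.4.12-6 entry below it.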
diff -Nru gnupg-1.4.12/debian/patches/CVE-2012-6085.patch gnupg-1.4.12-CVE-2012-6085/debian/patches/CVE-2012-6085.patch
--- gnupg-1.4.12/debian/patches/CVE-2012-6085.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg-1.4.12-CVE-2012-6085/debian/patches/CVE-2012-6085.patch	2013-01-02 20:44:13.662944782 +0100
@@ -0,0 +1,62 @@
+From f795a0d59e197455f8723c300eebf59e09853efa Mon Sep 17 00:00:00 2001
+From: Werner Koch <w...@gnupg.org>
+Date: Thu, 20 Dec 2012 09:43:41 +0100
+Subject: [PATCH] Import only packets which are allowed in a keyblock.
+
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring.  This change skips all
+packets which are not allowed in a keyblock.
+
+GnuPG-bug-id: 1455
+---
+ g10/import.c |   23 ++++++++++++++++++++++-
+ 1 files changed, 22 insertions(+), 1 deletions(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index 21ada41..90fc2d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -343,6 +343,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
++/* Return true if PKTTYPE is valid in a keyblock.  */
++static int
++valid_keyblock_packet (int pkttype)
++{
++  switch (pkttype)
++    {
++    case PKT_PUBLIC_KEY:
++    case PKT_PUBLIC_SUBKEY:
++    case PKT_SECRET_KEY:
++    case PKT_SECRET_SUBKEY:
++    case PKT_SIGNATURE:
++    case PKT_USER_ID:
++    case PKT_ATTRIBUTE:
++    case PKT_RING_TRUST:
++      return 1;
++    default:
++      return 0;
++    }
++}
++
++
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -420,7 +441,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ 	    }
+ 	    in_cert = 1;
+ 	  default:
+-	    if( in_cert ) {
++	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ 		if( !root )
+ 		    root = new_kbnode( pkt );
+ 		else
+-- 
+1.7.2.5
+
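Review bot: in the read_block change, a packet that fails valid_keyblock_packet while in_cert is set is now skipped without any diagnostic, and the visible context does not show what the non-taken branch does with pkt. Please confirm that this branch releases the packet rather than leaking it, and consider emitting a verbose-level message that includes pkt->pkttype so that someone importing a damaged key can see that packets were dropped. Since the case above sets "in_cert = 1;" and then runs into "default:" with no break, a short fall-through comment there would make it clear that key packets are meant to pass through the new check as well. For the Debian side, a Bug-Debian reference to #697108 in the patch header would tie the file back to this report.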
diff -Nru gnupg-1.4.12/debian/patches/series gnupg-1.4.12-CVE-2012-6085/debian/patches/series
--- gnupg-1.4.12/debian/patches/series	2012-08-26 11:29:35.000000000 +0200
+++ gnupg-1.4.12-CVE-2012-6085/debian/patches/series	2013-01-02 20:44:47.550069361 +0100
@@ -1 +1,2 @@
 685627_french_translation_update.patch
+CVE-2012-6085.patch
