On Wed, 2 Aug 2006 21:37, Brian M. Carlson said:
I am inclined to say that this is grave, but since gnupg tends to do
memory allocation before it drops privileges, you might find that this
The allocation problem, which is overflow like
malloc(numbercontrolledbyuser+20), can only happen after
Hi,
I extracted a minimal patch from 1.4.5 for the Sarge security update.
This has been assigned CVE-2006-3746.
Thanks,
Martin
--
Martin Pitthttp://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who
Package: gnupg
Version: 1.4.3-2
Severity: grave
Tags: security
GnuPG 1.4.5 corrects some potential security problems in memory
allocation. From
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html :
* Fixed 2 more possible memory allocation attacks. They are
similar to
3 matches
Mail list logo