gnupg (1.4.3-2ubuntu3) edgy; urgency=low
.
* SECURITY UPDATE: Local arbitrary code execution.
* Add debian/patches/27_comment_control_overflow.dpatch:
- Fix buffer overflows in parse_comment() and parse_gpg_control().
- Patch extracted from stable 1.4.5 release.
- Reproducer:
perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
- Credit: Evgeny Legerov
- CVE-2006-3746
Fix for stables uploaded.
--
gnupg 1.4.5 contains 2 security fixes
https://launchpad.net/bugs/54844
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
