
List:       oss-security
Subject:    [oss-security] Re: CVE request: GnuPG-1
From:       cve-assign () mitre ! org
Date:       2014-06-24 14:25:42
Message-ID: 201406241425.s5OEPg8f008148 () linus ! mitre ! org

> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
> http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html

> This release includes a *security fix* to stop a possible DoS using
> garbled compressed data packets which can be used to put gpg into an
> infinite loop.

> A packet like (a3 01 5b ff) leads to an infinite loop.

Use CVE-2014-4617 for this issue affecting both GnuPG 1.x before
1.4.17 and 2.x before 2.0.24.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

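The four bytes quoted in the message above, decoded as an added example (not GnuPG's code or its patch): per RFC 4880, a3 is an old-format header for tag 8 (compressed data) with indeterminate length, and 01 selects ZIP (raw DEFLATE). The function names and status strings are assumptions; the inflate loop shows the defensive pattern of stopping when a pass neither consumes input nor emits output.

```python
# Added example; function names and status strings are illustrative, not GnuPG's.
import zlib

# Constructed input: the four bytes quoted in the advisory above.
SAMPLE = bytes.fromhex("a3015bff")

ALGOS = {0: "uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZip2"}  # RFC 4880, 9.3


def parse_old_header(pkt):
    """Decode an old-format OpenPGP packet header (RFC 4880, section 4.2.1)."""
    ctb = pkt[0]
    if not ctb & 0x80 or ctb & 0x40:
        raise ValueError("not an old-format packet header")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if ltype == 3:                      # indeterminate: body runs to end of input
        return tag, None, pkt[1:]
    nlen = 1 << ltype                   # 1, 2 or 4 length octets
    blen = int.from_bytes(pkt[1:1 + nlen], "big")
    return tag, blen, pkt[1 + nlen:1 + nlen + blen]


def inflate_bounded(data, max_out=1 << 20, chunk=4096):
    """Inflate raw DEFLATE; every pass must consume input or emit output."""
    d = zlib.decompressobj(-15)         # -15: raw DEFLATE, as used by algorithm 1
    out, pending = bytearray(), data
    while not d.eof:
        try:
            piece = d.decompress(pending, chunk)
        except zlib.error:
            return "corrupt", bytes(out)
        out += piece
        if len(out) > max_out:          # cap output as well as iterations
            return "too-large", bytes(out)
        if not piece and len(d.unconsumed_tail) == len(pending):
            return "truncated", bytes(out)   # no progress: stop, do not spin
        pending = d.unconsumed_tail
    return "ok", bytes(out)


def inspect_packet(pkt):
    """Return (tag, declared_length, algorithm, status) for one packet."""
    tag, blen, body = parse_old_header(pkt)
    if tag != 8 or not body:
        return tag, blen, None, "not-compressed-data"
    algo = ALGOS.get(body[0], "unknown")
    if algo != "ZIP":
        return tag, blen, algo, "unsupported-in-this-example"
    return tag, blen, algo, inflate_bounded(body[1:])[0]
```

`inspect_packet(SAMPLE)` reports the quoted packet as a ZIP compressed-data packet whose DEFLATE stream ends before its final block is complete.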