'[oss-security] Re: CVE Request(s): GnuPG 2/GPG2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Request(s): GnuPG 2/GPG2
From:       Joshua Rogers <oss () internot ! info>
Date:       2014-12-31 20:45:52
Message-ID: 54A46080.9070009 () internot ! info
[Download RAW message or body]


On 30/12/14 06:57, Joshua Rogers wrote:
> Hi,
>
> I found multiple vulnerabilities in GPG2.
> Could some CVE-ID(s) be assigned please.
> Patches were provided by multiple people.
>
> --
> Double free in scd/command.c:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471
>
> Double free in sm/minip12.c:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472
>
>
> These two seem related in code:
> Return after free in sm/gpgsm.c:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773473
> Return after free in dirmngr/ldapserver.c:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773523
> --
>
> Thanks,
Any updates?

Thanks,
-- 
-- Joshua Rogers <https://internot.info/>


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic