Message-ID: <20140731104706.523aff9a@redhat.com>
Date: Thu, 31 Jul 2014 10:47:06 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler

Hi,

Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has
provided a very good bug report in [1], so I'll refrain from copy and
pasting it here.

This is now fixed in version 1.5.1, the commit fixing this is linked in
[2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267
[2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

Thanks,
--
Stefan Cornelius / Red Hat Product Security