Hello there,

On Sun, Jan 06, 2013 at 07:04:57PM +0100, Thijs Kinkhorst wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2601-1                   security@debian.org
> http://www.debian.org/security/                           Thijs Kinkhorst
> January 06, 2013                       http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : gnupg, gnupg2
> Vulnerability  : missing input sanitation
> Problem type   : local (remote)
> Debian-specific: no
> CVE ID         : CVE-2012-6085
> Debian Bug     : 697108 697251
>
> KB Sriram discovered that GnuPG, the GNU Privacy Guard did not
> sufficiently sanitise public keys on import, which could lead to
> memory and keyring corruption.
>
> The problem affects both version 1, in the 'gnupg' package, and
> version two, in the 'gnupg2' package.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 1.4.10-4+squeeze1 of gnupg and version 2.0.19-2+squeeze1 of
> gnupg2.

ITIYM "version 2.0.14-2+squeeze1 of gnupg2". Fixed accordingly in CVS,
the changes will be publicly visible soon.

Cheers,
Flo