Package: gnupg2
Version: 2.1.1
Severity: normal

Hi,

On line 1242 of app-nks.c, 'xtrymalloc' is called with 'datalen', which is 
calculated using "size_t datalen = oldpinlen + newpinlen".
This does not account for the null-bytes, and may cause either a buffer 
overflow, or other problems down the line.


Thanks,

-- 
-- Joshua Rogers <https://internot.info/>
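
Added example, not part of the report and not GnuPG code: the sizing pattern the report describes, for the case where a buffer holding two concatenated PINs is later read as a C string. The helper name join_pins and the sample PINs are hypothetical, and treating the result as a NUL-terminated string is an assumption; the page does not show how app-nks.c uses the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not GnuPG code): concatenate two length-counted
   PINs into a newly allocated, NUL-terminated buffer.
   Returns NULL if the size computation would wrap or allocation fails.
   On success *outlen is the data length, excluding the terminator. */
char *join_pins(const char *oldpin, size_t oldpinlen,
                const char *newpin, size_t newpinlen, size_t *outlen)
{
    size_t datalen;
    char *data;

    /* Reject lengths whose sum wraps around SIZE_MAX. */
    if (oldpinlen > SIZE_MAX - newpinlen)
        return NULL;
    datalen = oldpinlen + newpinlen;
    /* The terminator needs one more byte than the data itself. */
    if (datalen == SIZE_MAX)
        return NULL;

    data = malloc(datalen + 1);
    if (data == NULL)
        return NULL;

    memcpy(data, oldpin, oldpinlen);
    memcpy(data + oldpinlen, newpin, newpinlen);
    data[datalen] = '\0';   /* safe: datalen + 1 bytes were allocated */
    *outlen = datalen;
    return data;
}

int main(void)
{
    /* Constructed sample PINs, for illustration only. */
    size_t n = 0;
    char *joined = join_pins("123456", 6, "654321", 6, &n);

    if (joined == NULL)
        return 1;
    printf("%zu bytes of data, strlen %zu\n", n, strlen(joined));
    free(joined);
    return 0;
}
```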

