Bug#697108: marked as done (gnupg key import memory corruption)

[Debian Bug Tracking System]

Your message dated Wed, 02 Jan 2013 19:47:41 +0000
with message-id <e1tquht-0001ix...@franck.debian.org>
and subject line Bug#697108: fixed in gnupg 1.4.12-7
has caused the Debian Bug report #697108,
regarding gnupg key import memory corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697108
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: gnupg
Version: 1.4.12-6
Severity: grave
Tags: security

Please see http://seclists.org/bugtraq/2012/Dec/151    

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: gnupg
Source-Version: 1.4.12-7

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Jan 2013 19:48:36 +0100
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7
Distribution: unstable
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 697108
Changes: 
 gnupg (1.4.12-7) unstable; urgency=high
 .
   * Apply upstream patch to fix memory and key database corruption
     when importing with invalid keys (CVE-2012-6085, closes: #697108).
Checksums-Sha1: 
 ea6278a011e2592ce8939db93c7cec154211a294 1962 gnupg_1.4.12-7.dsc
 ff054dc49db8081005e25c06261945f4d1ec5c3e 92800 gnupg_1.4.12-7.debian.tar.gz
 966d4fbf2c8fb6614754c22055a7d0cd79508a85 613124 gpgv-win32_1.4.12-7_all.deb
 1d6c54db10ac72a00bdb3d5085b30a69059328d4 1952176 gnupg_1.4.12-7_amd64.deb
 5278ed4a67fe518879e2f60d94330a60057c2295 63242 gnupg-curl_1.4.12-7_amd64.deb
 e9cae08ac46db0c05059443468d2627f71f862bb 225926 gpgv_1.4.12-7_amd64.deb
 f43a559f7060eaa2a3d39636221c9e68a3c75768 352692 gnupg-udeb_1.4.12-7_amd64.udeb
 0439f07da5b2ba286840fbadfa27cde45de590c2 129402 gpgv-udeb_1.4.12-7_amd64.udeb
Checksums-Sha256: 
 000fe943a73fb86289902f49e331c8144514c8079785ed72d6fb5dc07fe3d67c 1962 
gnupg_1.4.12-7.dsc
 95c339745e3fde8ad21aad39c1b83ce318fea348cab2d6f3437ef1ac7df549ab 92800 
gnupg_1.4.12-7.debian.tar.gz
 9259a0d601f773fc9805859a7f94f43bae0b70bfdfbe0c2e782ee1fcb41ded88 613124 
gpgv-win32_1.4.12-7_all.deb
 6fb862ee92eae7b061295edb7855b52d52b40b16d0e67bc8d14fb92818d1480f 1952176 
gnupg_1.4.12-7_amd64.deb
 e62116d0a532c92590379d04c8f2dce6274bb03e25d5e6d628c8219f91254a8b 63242 
gnupg-curl_1.4.12-7_amd64.deb
 080f1fa0efa0460480a4d77cc9b8ab7558276107cae785e42af48f51f1bb2dd4 225926 
gpgv_1.4.12-7_amd64.deb
 a09272e3bc0a2eb902f217d1990ef6ba231a0d007202990da37544b10a074d20 352692 
gnupg-udeb_1.4.12-7_amd64.udeb
 01b1906f2b1b7d8862aa78c563a2ed5ce73f6f8d2f3a8bc5f45738e0da566bd4 129402 
gpgv-udeb_1.4.12-7_amd64.udeb
Files: 
 471c8300380725eb75f6123fad50bf39 1962 utils important gnupg_1.4.12-7.dsc
 8d52378d6cebc32ec40c9726f120cf74 92800 utils important 
gnupg_1.4.12-7.debian.tar.gz
 1b7686045456041e3538927dc7cf002d 613124 utils extra gpgv-win32_1.4.12-7_all.deb
 6f3dc49ad3163c9c540029b83f2e52ca 1952176 utils important 
gnupg_1.4.12-7_amd64.deb
 de16b9c8b05362038b5dc325699319fd 63242 utils optional 
gnupg-curl_1.4.12-7_amd64.deb
 3d39469bb35082e70bcd486142bcfe82 225926 utils important gpgv_1.4.12-7_amd64.deb
 6b569206c73b0e6e45960b885b59366f 352692 debian-installer extra 
gnupg-udeb_1.4.12-7_amd64.udeb
 16fdc77ddad0f7a0a9e387273f5cfcef 129402 debian-installer extra 
gpgv-udeb_1.4.12-7_amd64.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQ5IttAAoJEFb2GnlAHawEnWwH/A2huLhSAuFsLJnMcAMaVqZl
dW6WAFJzJ9eHV4+qtK2tkt23X5Zu7nPZXNeDFT2o7gwApU7SMfJL5kDan/7z+Lx+
HybHFRAstuySNA1wNiyRGWmAoWLRHBmDMTBNQpJJKuGpbv9GlbNvIOWk2qXVNtHo
Oc5kqpUzFE0ilmRpj0T4oyIAV1cU3PLWogKdoD8uy2DgO0CHOfHf+F8ccmmhC9/H
WibvWK+L82h7AKHfA8sA/v/uYpwoSrf3bJNtG/eKtxzF7kHFMc7iVnlKQI4uhB02
I5D90boxRG8IJDtTMj9dFx6fMa7HD9H+jz32xVmfFSNcxqwe/1oy949bom7Mdbc=
=TBRw
-----END PGP SIGNATURE-----

--- End Message ---