Your message dated Tue, 4 Jul 2006 22:24:13 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in NMU of gnupg2 1.9.20-1.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gnupg2
Version: 1.9.20-1 1.9.15-6
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3082: "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and
earlier versions, allows remote attackers to cause a denial of service
(gpg crash) and possibly overwrite memory via a message packet with a
large length, which could lead to an integer overflow, as demonstrated
using the --no-armor option."

Test case:

  perl -e 'print "\xcd\xff\xff\xff\xff\xfe"'| gpg2 --no-armor

The test case will reproducibly crash gnupg2 in both sid and sarge.

There is a patch [1] in the GnuPG CVS that purports to fix the issue; I
have not yet tested to see if it does (or even if it applies cleanly).

Please mention the CVE in your changelog.

Thanks,

Alec

[1] http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157&diff_format=u

- -- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-alec-laptop
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gnupg2 depends on:
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  libgcrypt11                   1.2.2-1    LGPL Crypto library - runtime libr
ii  libgpg-error0                 1.2-1      library for common error values an
ii  libksba8                      0.9.14-1   X.509 and CMS support library
ii  makedev                       2.3.1-81   creates device files in /dev
ii  zlib1g                        1:1.2.3-12 compression library - runtime

Versions of packages gnupg2 recommends:
ii  gnupg                         1.4.3-1    GNU privacy guard - a free PGP rep

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEmyoLAud/2YgchcQRAghQAKCjmyj8ryjtau0IsWh6/Z8m8M7ALQCcDyt8
ZAlFu5yE8RdjscyhSyynuFs=
=ilQB
-----END PGP SIGNATURE-----


--- End Message ---
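
Added example (not part of the original messages and not GnuPG's code): it decodes the six test-case bytes from the report as an OpenPGP new-format packet header and shows how a 32-bit size computation on the decoded length wraps, next to a checked form. The function names, the 16-byte overhead and the 2048-byte limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* The six bytes the report's test case pipes into gpg2. */
static const uint8_t test_case[] = { 0xcd, 0xff, 0xff, 0xff, 0xff, 0xfe };

/* Decode a new-format OpenPGP packet header (RFC 4880, section 4.2).
   Returns the header size in bytes, or 0 if truncated or not handled here. */
static size_t parse_new_header(const uint8_t *p, size_t n, int *tag, uint32_t *len)
{
    if (n < 2 || (p[0] & 0xc0) != 0xc0)
        return 0;                          /* not a new-format packet */
    *tag = p[0] & 0x3f;
    if (p[1] < 192) { *len = p[1]; return 2; }
    if (p[1] < 224) {                      /* two-octet length */
        if (n < 3) return 0;
        *len = ((uint32_t)(p[1] - 192) << 8) + p[2] + 192;
        return 3;
    }
    if (p[1] == 0xff) {                    /* five-octet length */
        if (n < 6) return 0;
        *len = ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16)
             | ((uint32_t)p[4] << 8) | p[5];
        return 6;
    }
    return 0;                              /* partial body lengths: not handled */
}

/* Unchecked size computation in 32-bit arithmetic: wraps modulo 2^32. */
static uint32_t alloc_size_32(uint32_t overhead, uint32_t pktlen)
{
    return overhead + pktlen;
}

/* Checked form: reject before doing any arithmetic on the length. */
static int length_ok(uint32_t overhead, uint32_t pktlen, uint32_t max_body)
{
    return pktlen <= max_body && pktlen <= UINT32_MAX - overhead;
}

int main(void)
{
    int tag = 0; uint32_t len = 0;
    size_t h = parse_new_header(test_case, sizeof test_case, &tag, &len);
    printf("header=%zu tag=%d len=%lu\n", h, tag, (unsigned long)len);
    printf("unchecked size=%lu ok=%d\n", (unsigned long)alloc_size_32(16, len),
           length_ok(16, len, 2048));     /* 16 and 2048 are assumed values */
    return 0;
}
```

The header decodes to tag 13 (User ID) with a declared body length of 0xfffffffe, so adding even a small fixed overhead in 32-bit arithmetic yields a size far smaller than the declared length.
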
--- Begin Message ---
Version: 1.9.20-1.1

I've NMUed for this bug (fixing the bug to use versioning instead of the
"fixed" tag, to ease tracking through testing); here's the changelog:

>  gnupg2 (1.9.20-1.1) unstable; urgency=high
>  .
>    * Non-maintainer upload.
>    * Adapt patch from upstream CVS, fixing buffer overflow leading to remote
>      DoS/crash (CVE-2006-3082). (Closes: #375053)

/* Steinar */
-- 
Homepage: http://www.sesse.net/

--- End Message ---
