Package: gnupg
Version: 1.4.3-2
Severity: grave
Tags: security

GnuPG 1.4.5 corrects some potential security problems in memory
allocation.  From
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html :

    * Fixed 2 more possible memory allocation attacks.  They are
      similar to the problem we fixed with 1.4.4.  This bug can easily
      be exploited for a DoS; remote code execution is not entirely
      impossible.

I am inclined to say that this is grave, but since gnupg tends to do
memory allocation before it drops privileges, you might find that this
is critical instead.  If you drop the SUID privileges, then it certainly
does not exceed grave.

I do not have a CVE number for this.
