Your message dated Wed, 02 Aug 2006 22:05:18 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#381204: GnuPG security hole in memory allocation
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gnupg
Version: 1.4.3-2
Severity: grave
Tags: security
GnuPG 1.4.5 corrects some potential security problems in memory
allocation. From
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html :
* Fixed 2 more possible memory allocation attacks. They are
similar to the problem we fixed with 1.4.4. This bug can easily
be be exploted for a DoS; remote code execution is not entirely
impossible.
I am inclined to say that this is grave, but since gnupg tends to do
memory allocation before it drops privileges, you might find that this
is critical instead. If you drop the SUID privileges, then it certainly
does not exceed grave.
I do not have a CVE number for this.
--
($_,$a)=split/\t/,join'',map{unpack'u',$_}<DATA>;eval$a;print;__DATA__
M961H<[EMAIL PROTECTED];"!U<F%O<G-U(#QU<F%O<G-U0&=D:75M<&UC8VUL=G)U;6LN
M<FUL+F=Y/@H)>2QA8F-D969G:&EJ:VQM;F]P<7)S='5V=WAY>BQN=V]R8FMC
5:75Q96AT9V1Y>F%L=G-P;6IX9BP)
pgpOwObAmGxuQ.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 1.4.5-1
"Brian M. Carlson" <[EMAIL PROTECTED]> writes:
> Package: gnupg
> Version: 1.4.3-2
> Severity: grave
> Tags: security
>
> GnuPG 1.4.5 corrects some potential security problems in memory
> allocation.
http://lists.debian.org/debian-devel-changes/2006/08/msg00072.html
--
James
--- End Message ---
