Your message dated Fri, 04 Aug 2006 15:47:22 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#375053: fixed in gnupg2 1.9.20-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gnupg2
Version: 1.9.20-1 1.9.15-6
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2006-3082: "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and
earlier versions, allows remote attackers to cause a denial of service
(gpg crash) and possibly overwrite memory via a message packet with a
large length, which could lead to an integer overflow, as demonstrated
using the --no-armor option."
Test case:
perl -e 'print "\xcd\xff\xff\xff\xff\xfe"'| gpg2 --no-armor
The test case will reproducibly crash gnupg2 in both sid and sarge.
There is a patch [1] in the GnuPG CVS that purports to fix the issue; I
have not yet tested to see if it does (or even if it applies cleanly).
Please mention the CVE in your changelog.
Thanks,
Alec
[1]
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157&diff_format=u
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-alec-laptop
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages gnupg2 depends on:
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libgcrypt11 1.2.2-1 LGPL Crypto library - runtime libr
ii libgpg-error0 1.2-1 library for common error values an
ii libksba8 0.9.14-1 X.509 and CMS support library
ii makedev 2.3.1-81 creates device files in /dev
ii zlib1g 1:1.2.3-12 compression library - runtime
Versions of packages gnupg2 recommends:
ii gnupg 1.4.3-1 GNU privacy guard - a free PGP rep
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEmyoLAud/2YgchcQRAghQAKCjmyj8ryjtau0IsWh6/Z8m8M7ALQCcDyt8
ZAlFu5yE8RdjscyhSyynuFs=
=ilQB
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 1.9.20-2
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive:
gnupg-agent_1.9.20-2_i386.deb
to pool/main/g/gnupg2/gnupg-agent_1.9.20-2_i386.deb
gnupg2_1.9.20-2.diff.gz
to pool/main/g/gnupg2/gnupg2_1.9.20-2.diff.gz
gnupg2_1.9.20-2.dsc
to pool/main/g/gnupg2/gnupg2_1.9.20-2.dsc
gnupg2_1.9.20-2_i386.deb
to pool/main/g/gnupg2/gnupg2_1.9.20-2_i386.deb
gpgsm_1.9.20-2_i386.deb
to pool/main/g/gnupg2/gpgsm_1.9.20-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated gnupg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 4 Aug 2006 18:11:43 -0400
Source: gnupg2
Binary: gnupg2 gpgsm gnupg-agent
Architecture: source i386
Version: 1.9.20-2
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
gnupg-agent - GNU privacy guard - password agent
gnupg2 - GNU privacy guard - a free PGP replacement
gpgsm - GNU privacy guard - S/MIME version
Closes: 375053 376755
Changes:
gnupg2 (1.9.20-2) unstable; urgency=high
.
* debian/control: Make myself the maintainer with Matthias' permission.
* Acknowledge NMU. (Closes: #375053, #376755)
* g10/parse-packet.c: Patch from Martin Schulze to backport security fix
for CVE-2006-3746, crash when receiving overly long comments.
Files:
f2fb1c744cc0e33c3e89914bb3178657 841 utils optional gnupg2_1.9.20-2.dsc
c560c762a948bcb71d7dbcd55dbbdab8 282478 utils optional gnupg2_1.9.20-2.diff.gz
fefdc1ff86b6f16cafc940151c848bfb 175296 utils optional
gnupg-agent_1.9.20-2_i386.deb
5f6f161dafbbdc21fa513d8cb2788069 300278 utils optional gpgsm_1.9.20-2_i386.deb
3f9dc2af241df63ac293841776d4266f 773312 utils extra gnupg2_1.9.20-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE08tpYemOzxbZcMYRAiCFAJ9jGtEzmgobVcs/J4vYUVlIEtcgEQCgsmPL
Bvyk510/F7+O+xtwcZK51Pc=
=rhja
-----END PGP SIGNATURE-----
--- End Message ---
