oss-sec mailing list archives

Re: CVE request: GnuPG 2

From: Josh Bressers <bressers () redhat com>
Date: Mon, 26 Jul 2010 15:27:40 -0400 (EDT)


----- "Florian Weimer" <fw () deneb enyo de> wrote:

GnuPG 2.0 before version 2.0.17 reuses a freed pointer when verifying
a signature or importing a certificate with many Subject Alternate
Names, possibly allowing context-dependent attacks to execute
arbitrary code.

<http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html>


Please use CVE-2010-2547.

Thanks.

-- 
    JB

Current thread:

CVE request: GnuPG 2 Florian Weimer (Jul 23)
- Re: CVE request: GnuPG 2 Josh Bressers (Jul 26)