oss-sec mailing list archives
Re: CVE request: GnuPG 2
From: Josh Bressers <bressers () redhat com>
Date: Mon, 26 Jul 2010 15:27:40 -0400 (EDT)
----- "Florian Weimer" <fw () deneb enyo de> wrote:
GnuPG 2.0 before version 2.0.17 reuses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, possibly allowing context-dependent attacks to execute arbitrary code. <http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html>
Please use CVE-2010-2547. Thanks. -- JB
Current thread:
- CVE request: GnuPG 2 Florian Weimer (Jul 23)
- Re: CVE request: GnuPG 2 Josh Bressers (Jul 26)