oss-sec mailing list archives
Re: CVE request: GnuPG-1
From: mancha <mancha1 () zoho com>
Date: Tue, 24 Jun 2014 05:53:28 +0000
On Tue, Jun 24, 2014 at 05:36:15AM +0000, mancha wrote:
GnuPG 1.4.17 released on 20140623 [1] fixes a security flaw, reported by Olivier Levillain and Florian Maury, that can be exploited via crafted input to cause a denial of service by triggering an infinite loop [2]. Please allocate a CVE identifier for this issue. Many thanks. --mancha [1] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html [2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
This issue has also been corrected in the GnuPG-2 branch [3] though there is not yet a point release which includes the fix. Contrary to my subject line, the CVE request is for both GnuPG 1 & 2. [3] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=014b2103fcb1
Attachment:
_bin
Description:
Current thread:
- CVE request: GnuPG-1 mancha (Jun 23)
- Re: CVE request: GnuPG-1 mancha (Jun 23)
- Re: CVE request: GnuPG-1 Werner Koch (Jun 24)
- Re: CVE request: GnuPG-1 Olivier Levillain (Jun 24)
- Re: CVE request: GnuPG-1 cve-assign (Jun 24)
- Re: CVE request: GnuPG-1 mancha (Jun 23)