oss-sec mailing list archives
CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler
From: Stefan Cornelius <scorneli () redhat com>
Date: Thu, 31 Jul 2014 10:47:06 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has provided a very good bug report in [1], so I'll refrain from copy and pasting it here. This is now fixed in version 1.5.1, the commit fixing this is linked in [2]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267 [2] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Thanks, - -- Stefan Cornelius / Red Hat Product Security -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJT2gKUAAoJEETwiYCjVSmPvvkIAIrxlBpsXTV51esgDCt5j4PE fBdjTLxAU9YJ7yZOUcZSsS3I8VHMvkHTZ8zeoPWAsLGU9Us/N7JboIXZhtgUJBLd qypxeVwiA08WfOLD30STDUwwbQSgScHsf/7vrljzaXJmvlRsph4AcR/x9lWhuRJv /3d9XrbIC9i0BOhcUcJKcwByLk7076mFTaJAWAqbLwHdqbAszKzLhBZMvUmXk3zN 5HJtFR4+7qWVdot70T41ssYxn8bYfPYsuoCuYcFdwcJ3LkR0c7n9uf1zn6g1rdvU WbzsMYml2lVan+w1l9o7BFo/9j5zhk3q5t8Nf6q0ghuk51DL6pxBNYtPiWByUUo= =LafS -----END PGP SIGNATURE-----
Current thread:
- CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler Stefan Cornelius (Jul 31)