oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler

From: Stefan Cornelius <scorneli () redhat com>
Date: Thu, 31 Jul 2014 10:47:06 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Tomáš Trnka discovered a heap-based buffer overflow in gpgme. He has
provided a very good bug report in [1], so I'll refrain from copy
and pasting it here.

This is now fixed in version 1.5.1, the commit fixing this is linked in
[2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1113267
[2]
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77

Thanks,
- -- 
Stefan Cornelius / Red Hat Product Security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJT2gKUAAoJEETwiYCjVSmPvvkIAIrxlBpsXTV51esgDCt5j4PE
fBdjTLxAU9YJ7yZOUcZSsS3I8VHMvkHTZ8zeoPWAsLGU9Us/N7JboIXZhtgUJBLd
qypxeVwiA08WfOLD30STDUwwbQSgScHsf/7vrljzaXJmvlRsph4AcR/x9lWhuRJv
/3d9XrbIC9i0BOhcUcJKcwByLk7076mFTaJAWAqbLwHdqbAszKzLhBZMvUmXk3zN
5HJtFR4+7qWVdot70T41ssYxn8bYfPYsuoCuYcFdwcJ3LkR0c7n9uf1zn6g1rdvU
WbzsMYml2lVan+w1l9o7BFo/9j5zhk3q5t8Nf6q0ghuk51DL6pxBNYtPiWByUUo=
=LafS
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: