oss-sec mailing list archives
Re: CVE Request(s): GnuPG 2/GPG2
From: cve-assign () mitre org
Date: Mon, 5 Jan 2015 12:42:41 -0500 (EST)
On Tue, 30 Dec 2014, Joshua Rogers wrote:
I found multiple vulnerabilities in GPG2. Could some CVE-ID(s) be assigned please. Patches were provided by multiple people. -- Double free in scd/command.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471 Double free in sm/minip12.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472
What is the attack scenario for these double frees? It is not immediately clear whether there is a role for an attacker who is not the GnuPG user.
--- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
- <Possible follow-ups>
- Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)