oss-sec mailing list archives
Re: Re: CVE Request(s): GnuPG 2/GPG2
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 5 Jan 2015 19:13:24 +0100
On Thu, Jan 01, 2015 at 07:45:52AM +1100, Joshua Rogers wrote:
On 30/12/14 06:57, Joshua Rogers wrote:Hi, I found multiple vulnerabilities in GPG2. Could some CVE-ID(s) be assigned please. Patches were provided by multiple people. -- Double free in scd/command.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471 Double free in sm/minip12.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472 These two seem related in code: Return after free in sm/gpgsm.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773473 Return after free in dirmngr/ldapserver.c: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773523 -- Thanks,Any updates?
Explicitly adding cve-assign to CC. Cheers, Moritz
Current thread:
- Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
- <Possible follow-ups>
- Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)