oss-sec mailing list archives

Re: Re: CVE Request(s): GnuPG 2/GPG2

From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 5 Jan 2015 19:13:24 +0100

On Thu, Jan 01, 2015 at 07:45:52AM +1100, Joshua Rogers wrote:

On 30/12/14 06:57, Joshua Rogers wrote:

Hi,

I found multiple vulnerabilities in GPG2.
Could some CVE-ID(s) be assigned please.
Patches were provided by multiple people.

--
Double free in scd/command.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773471

Double free in sm/minip12.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773472


These two seem related in code:
Return after free in sm/gpgsm.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773473
Return after free in dirmngr/ldapserver.c:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773523
--

Thanks,

Any updates?


Explicitly adding cve-assign to CC.

Cheers,
        Moritz

Current thread:

Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
- <Possible follow-ups>
- Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)