Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball

Eren Türkay turkay.eren at
Wed Apr 2 20:00:28 CEST 2008


You may think at first that this problem was fixed in the latest release, yes 
it was but I have a problem with it.

I maintain GnuPG package for my distro. We have 2 repositories in general. 
Stable and development. In stable repository, we can't add additional 
dependencies of GnuPG 2.0.9 because it should be tested throughly and right 
now, I should add patch for the vulnerability immediately.

I prepared a patch for 2.0.4 tarball by looking the fix in trunk/. The code in 
2.0.4 tarball is little similar to that of in trunk/ so I'm not sure if it is 
a real fix or not since there is no PoC.

I'll really appriciate that you review it. I don't want to add a patch which 
doesn't solve anything but breaks something.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2008-1530-2.0.4.patch
Type: text/x-diff
Size: 1843 bytes
Desc: not available
URL: </pipermail/attachments/20080402/78c277d6/attachment.patch>

More information about the Gnupg-devel mailing list