Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball
dshaw at jabberwocky.com
Wed Apr 2 21:19:13 CEST 2008
On Wed, Apr 02, 2008 at 09:00:28PM +0300, Eren T??rkay wrote:
> You may think at first that this problem was fixed in the latest release, yes
> it was but I have a problem with it.
> I maintain GnuPG package for my distro. We have 2 repositories in general.
> Stable and development. In stable repository, we can't add additional
> dependencies of GnuPG 2.0.9 because it should be tested throughly and right
> now, I should add patch for the vulnerability immediately.
> I prepared a patch for 2.0.4 tarball by looking the fix in
> trunk/. The code in 2.0.4 tarball is little similar to that of in
> trunk/ so I'm not sure if it is a real fix or not since there is no
The problem does not exist in 2.0.4, so no patch is needed. The
problem only exists in 2.0.8 and 1.4.8.
More information about the Gnupg-devel