Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball
David Shaw
dshaw at jabberwocky.com
Wed Apr 2 21:19:13 CEST 2008
On Wed, Apr 02, 2008 at 09:00:28PM +0300, Eren T??rkay wrote:
> Hello,
>
> You may think at first that this problem was fixed in the latest release, yes
> it was but I have a problem with it.
>
> I maintain GnuPG package for my distro. We have 2 repositories in general.
> Stable and development. In stable repository, we can't add additional
> dependencies of GnuPG 2.0.9 because it should be tested throughly and right
> now, I should add patch for the vulnerability immediately.
>
> I prepared a patch for 2.0.4 tarball by looking the fix in
> trunk/. The code in 2.0.4 tarball is little similar to that of in
> trunk/ so I'm not sure if it is a real fix or not since there is no
> PoC.
The problem does not exist in 2.0.4, so no patch is needed. The
problem only exists in 2.0.8 and 1.4.8.
David
More information about the Gnupg-devel
mailing list