Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball

David Shaw dshaw at
Wed Apr 2 21:19:13 CEST 2008

On Wed, Apr 02, 2008 at 09:00:28PM +0300, Eren T??rkay wrote:
> Hello,
> You may think at first that this problem was fixed in the latest release, yes 
> it was but I have a problem with it.
> I maintain GnuPG package for my distro. We have 2 repositories in general. 
> Stable and development. In stable repository, we can't add additional 
> dependencies of GnuPG 2.0.9 because it should be tested throughly and right 
> now, I should add patch for the vulnerability immediately.
> I prepared a patch for 2.0.4 tarball by looking the fix in
> trunk/. The code in 2.0.4 tarball is little similar to that of in
> trunk/ so I'm not sure if it is a real fix or not since there is no
> PoC.

The problem does not exist in 2.0.4, so no patch is needed.  The
problem only exists in 2.0.8 and 1.4.8.


More information about the Gnupg-devel mailing list