Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball
David Shaw
dshaw at jabberwocky.com
Wed Apr 2 21:52:21 CEST 2008
On Wed, Apr 02, 2008 at 10:34:24PM +0300, Eren T?rkay wrote:
> On 02 Apr 2008 Wed 22:19:13 David Shaw wrote:
> > The problem does not exist in 2.0.4, so no patch is needed. ?The
> > problem only exists in 2.0.8 and 1.4.8.
> >
> > David
>
> Hmm, secunia [0] published it as 2.x and 1.x, so I though that the
> vulnerability exists on all versions of GnuPG except 2.0.9 and 1.4.9.
>
> [0] http://secunia.com/advisories/29568/
Secunia are fine people, but they're in error on this point. The only
versions of GnuPG that have the bug are 1.4.8 and 2.0.8. No other
versions.
The CVE (CVE-2008-1530) gets it right.
David
More information about the Gnupg-devel
mailing list