Fw: [UNIX] GnuPG Format String Vulnerability in ttyio.c's do_get()

Werner Koch wk@gnupg.org
Mon Dec 17 15:58:02 2001

On Mon, 17 Dec 2001 09:12:05 -0500, vedaal  said:

> received the alert below from securiteam,
> is it 'real'?

securiteam seems to be a bit slow reporting bugs; from gnupg's NEWS:

Noteworthy changes in version 1.0.6 (2001-05-29)

    * Security fix for a format string bug in the tty code.

Actually this was the reason to release 1.0.6 and it was done at the
same time the bug was published.  


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus