Clarification on advisories
Sevan / Venture37
venture37 at gmail.com
Mon Mar 23 06:31:00 CET 2015
Hi,
In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
keyrings." is the fix for CVE-2015-1606?
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
The following commit appears to be present in 1.4.19
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
Am I right in thinking the issues found through fuzzing which led to
the release of 2.1.2 still have not be back ported to previous
releases? certainly most of the changes in the commits highlighted are
applicable accounting for the change of line numbers.
Regards
Sevan / Venture37
More information about the Gnupg-users
mailing list