Clarification on advisories

Sevan / Venture37 venture37 at
Mon Mar 23 06:31:00 CET 2015

In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
keyrings." is the fix for CVE-2015-1606?

The following commit appears to be present in 1.4.19;a=commitdiff;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648

Am I right in thinking the issues found through fuzzing which led to
the release of 2.1.2 still have not be back ported to previous
releases? certainly most of the changes in the commits highlighted are
applicable accounting for the change of line numbers.


Sevan / Venture37

More information about the Gnupg-users mailing list