PublicDateAtUSN: 2014-11-26
Candidate: CVE-2014-9087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087
http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html
https://usn.ubuntu.com/usn/usn-2427-1
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2,
as used in GnuPG, allows remote attackers to cause a denial of service
(crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP
data, which triggers a buffer overflow.
mdeslaur> affects gnupg2 2.1 only
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770972
Discovered-by: Hanno Böck
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
upstream_libksba: released (1.3.2-1)
lucid_libksba: ignored (reached end-of-life)
precise_libksba: released (1.2.0-2ubuntu0.1)
trusty_libksba: released (1.3.0-3ubuntu0.14.04.1)
utopic_libksba: released (1.3.0-3ubuntu0.14.10.1)
devel_libksba: not-affected (1.3.2-1)
upstream_gnupg2: needs-triage
lucid_gnupg2: not-affected
precise_gnupg2: not-affected
trusty_gnupg2: not-affected
utopic_gnupg2: not-affected
devel_gnupg2: not-affected