-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-08-03 08:11:46 UTC
-
Revision ID:
james.westby@ubuntu.com-20060803081146-jd40oc3zrunsn6zx
Tags: 1.4.3-2ubuntu3
* SECURITY UPDATE: Local arbitrary code execution.
* Add debian/patches/27_comment_control_overflow.dpatch:
- Fix buffer overflows in parse_comment() and parse_gpg_control().
- Patch extracted from stable 1.4.5 release.
- Reproducer:
perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
- Credit: Evgeny Legerov
- CVE-2006-3746