Red Hat Bugzilla – Bug 219934
GnuPG: remotely controllable function pointer (CVE-2006-6235)
Last modified: 2007-11-30 17:11:51 EST
Description of problem:
As stated in http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html,
there is a security bug in GnuPG2.
Second of all, stable GnuPG2 has been released for quite some time. Is an update
planned for GnuPG2 in FC5?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
FC-5's gnupg2 is not vulnerable, since it doesn't include the affected
gpg2/gpg2v binaries (closing -> NOTABUG)
And no, a FC-5 update is not planned (for now), since newer gnupg2 requires
libgpg-error => 1.4, which isn't present in FC-5 (though admittedly, I haven't
tried lobbying the libgpg-error maintainer for an update for FC-5).