219934 – GnuPG: remotely controllable function pointer (CVE-2006-6235)

Bug 219934 - GnuPG: remotely controllable function pointer (CVE-2006-6235)

Summary: GnuPG: remotely controllable function pointer (CVE-2006-6235)

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnupg2
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Rex Dieter
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-17 04:10 UTC by Leo
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-17 05:02:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Leo 2006-12-17 04:10:00 UTC

Description of problem:
As stated in http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html,
there is a security bug in GnuPG2.

Second of all, stable GnuPG2 has been released for quite some time. Is an update
planned for GnuPG2 in FC5?

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Rex Dieter 2006-12-17 05:02:23 UTC

FC-5's gnupg2 is not vulnerable, since it doesn't include the affected
gpg2/gpg2v binaries (closing -> NOTABUG)

And no, a FC-5 update is not planned (for now), since newer gnupg2 requires 
libgpg-error => 1.4, which isn't present in FC-5 (though admittedly, I haven't
tried lobbying the libgpg-error maintainer for an update for FC-5).

Note You need to log in before you can comment on or make changes to this bug.