Bug 219934 - GnuPG: remotely controllable function pointer (CVE-2006-6235)
GnuPG: remotely controllable function pointer (CVE-2006-6235)
Product: Fedora
Classification: Fedora
Component: gnupg2 (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rex Dieter
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-12-16 23:10 EST by Leo
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-17 00:02:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Leo 2006-12-16 23:10:00 EST
Description of problem:
As stated in http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html,
there is a security bug in GnuPG2.

Second of all, stable GnuPG2 has been released for quite some time. Is an update
planned for GnuPG2 in FC5?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Rex Dieter 2006-12-17 00:02:23 EST
FC-5's gnupg2 is not vulnerable, since it doesn't include the affected
gpg2/gpg2v binaries (closing -> NOTABUG)

And no, a FC-5 update is not planned (for now), since newer gnupg2 requires 
libgpg-error => 1.4, which isn't present in FC-5 (though admittedly, I haven't
tried lobbying the libgpg-error maintainer for an update for FC-5).

Note You need to log in before you can comment on or make changes to this bug.