An incomplete fix for CVE-2016-4356 was reported in libksba. The old fix for the problem from April 2015 had an off-by-one in the bad encoding handing. Upstream fix: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75 CVE assignment: http://seclists.org/oss-sec/2016/q2/300
Created libksba tracking bugs for this issue: Affects: fedora-all [bug 1334832]
libksba-1.3.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
libksba-1.3.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.