Patch for Duplicated IDs Memory Corruption on 2.0.4 tarball
Eren Türkay
turkay.eren at gmail.com
Wed Apr 2 20:00:28 CEST 2008
Hello,
You may think at first that this problem was fixed in the latest release, yes
it was but I have a problem with it.
I maintain GnuPG package for my distro. We have 2 repositories in general.
Stable and development. In stable repository, we can't add additional
dependencies of GnuPG 2.0.9 because it should be tested throughly and right
now, I should add patch for the vulnerability immediately.
I prepared a patch for 2.0.4 tarball by looking the fix in trunk/. The code in
2.0.4 tarball is little similar to that of in trunk/ so I'm not sure if it is
a real fix or not since there is no PoC.
I'll really appriciate that you review it. I don't want to add a patch which
doesn't solve anything but breaks something.
Best regards,
Eren
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2008-1530-2.0.4.patch
Type: text/x-diff
Size: 1843 bytes
Desc: not available
URL: </pipermail/attachments/20080402/78c277d6/attachment.patch>
More information about the Gnupg-devel
mailing list