diff options
| author | Jun Kuriyama <kuriyama@FreeBSD.org> | 2006-11-28 05:57:34 +0000 |
|---|---|---|
| committer | Jun Kuriyama <kuriyama@FreeBSD.org> | 2006-11-28 05:57:34 +0000 |
| commit | a8f2223ca732af295c60062189741e1162d17c2b (patch) | |
| tree | bf5002867a96a6b8a974c73c73b0d1be1e0cef35 /security | |
| parent | 2f87737bbf796b6202631d65e76ccbc8c037c5d9 (diff) | |
| download | ports-a8f2223ca732af295c60062189741e1162d17c2b.tar.gz ports-a8f2223ca732af295c60062189741e1162d17c2b.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3097fe8cdbc7..edfa11f3181e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="34c93ae8-7e6f-11db-bf00-02e081235dab"> + <topic>gnupg -- buffer overflow</topic> + <affects> + <package> + <name>gnupg</name> + <range><lt>1.4.5_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Author reports:</p> + <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html"> + <p>When running GnuPG interactively, special crafted messages may be used +to crash gpg or gpg2. Running gpg in batch mode, as done by all +software using gpg as a backend (e.g. mailers), is not affected by +this bug. + +Exploiting this overflow seems to be possible. + +gpg-agent, gpgsm, gpgv or other tools from the GnuPG suite are not +affected.</p> + </blockquote> + </body> + </description> + <references> + <url>http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html</url> + </references> + <dates> + <discovery>2006-11-27</discovery> + <entry>2006-11-27</entry> + </dates> + </vuln> + <vuln vid="cca97f5f-7435-11db-91de-0008743bf21a"> <topic>proftpd -- Remote Code Execution Vulnerability</topic> <affects> |