Bug#375473: marked as done (SECURITY: --no-armor and long uids security bug before 1.4.4)

Tue, 27 Jun 2006 15:16:57 -0700 

Your message dated Tue, 27 Jun 2006 22:25:56 +0100
with message-id <[EMAIL PROTECTED]>
and subject line SECURITY: --no-armor and long uids security bug before 1.4.4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: gnupg
Version: 1.4.1-1.sarge3
Severity: grave
Tags: security

Hello James

I have not verified that any Debian version is affected but there was just
a mail on a German newsticker that GnuPGs last release closes a security 
hole regarding too long user ids that lead to a crash when using --no-armor.

More info is supposed to be here:
 http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html

bye,

-christian-



-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set 
to [EMAIL PROTECTED])

Versions of packages gnupg depends on:
ii  libbz2-1.0           1.0.2-7             high-quality block-sorting file co
ii  libc6                2.3.2.ds1-22sarge3  GNU C Library: Shared libraries an
ii  libldap2             2.1.30-8            OpenLDAP libraries
ii  libreadline5         5.0-10              GNU readline and history libraries
ii  libusb-0.1-4         2:0.1.10a-9.sarge.1 userspace USB programming library
ii  makedev              2.3.1-77            creates device files in /dev
ii  zlib1g               1:1.2.2-4.sarge.2   compression library - runtime

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 1.4.3-2

Christian Hammers <[EMAIL PROTECTED]> writes:

> I have not verified that any Debian version is affected but there was just
> a mail on a German newsticker that GnuPGs last release closes a security
> hole regarding too long user ids that lead to a crash when using --no-armor.
> 
> More info is supposed to be here:
>  [13]http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html

This has been fixed in 1.4.3-2 and the security team notified for a
stable update.

-- 
James

--- End Message ---

Reply via email to