On Mon, 23 Mar 2015 06:31, ventur...@gmail.com said:

> In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
> keyrings." is the fix for CVE-2015-1606?

The Debian announcement describes this as

  The keyring parsing code did not properly reject certain packet types
  not belonging in a keyring, which caused an access to memory already
  freed. This could allow remote attackers to cause a denial of service
  (crash) via crafted keyring files.

This seems to be about this fix:

  commit 81d3e541326e94d26a953aa70afc3cb149d11ebe

      gpg: Prevent an invalid memory read using a garbled keyring.

      * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
      types.
      --

      The keyring DB code did not reject packets which don't belong into
      a keyring. If for example the keyblock contains a literal data
      packet it is expected that the processing code stops at the data
      packet and reads from the input stream which is referenced from
      the data packets. Obviously the keyring processing code does not
      and cannot do that. However, when exporting this messes up the
      IOBUF and leads to an invalid read of sizeof (int).

      We now skip all packets which are not allowed in a keyring.

      Reported-by: Hanno Böck <ha...@hboeck.de>

      (back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

      [dkg: rebased to STABLE-BRANCH-1-4]
      Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net>

(I don't think that "access to memory already freed" is the right
description.)

> Am I right in thinking the issues found through fuzzing which led to
> the release of 2.1.2 still have not been back ported to previous
> releases? certainly most of the changes in the commits highlighted are
> applicable accounting for the change of line numbers.

I may not understand your question here. The commit you are referring
to is against 2.1 (current master) and not against 1.4. The parts
relevant to 1.4 and 2.0 have been ported back (see above for 1.4).

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
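The packet-type filtering that the commit message describes can be illustrated with a stand-alone keyring pre-check. This is an added example, not part of the message above and not GnuPG's code: the function names, the whitelist (key-material tags from RFC 4880 plus the trust packet) and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed whitelist (RFC 4880 tags): 2 signature, 5-7 and 14 keys/subkeys,
   12 trust, 13 user ID, 17 user attribute. Not GnuPG's own list. */
static int tag_allowed(int t)
{
    return t == 2 || (t >= 5 && t <= 7) || (t >= 12 && t <= 14) || t == 17;
}

/* Parse one header at buf[*pos]; -1 if malformed or a streaming length. */
static int read_header(const uint8_t *buf, size_t len, size_t *pos, int *tag, size_t *blen)
{
    size_t p = *pos, n = 0;
    if (len - p < 2 || !(buf[p] & 0x80)) return -1;
    uint8_t c = buf[p++];
    *blen = 0;
    if (c & 0x40) {                     /* new-format header */
        uint8_t o = buf[p++];
        *tag = c & 0x3f;
        if (o < 192) *blen = o;
        else if (o == 255) n = 4;
        else if (o < 224 && p < len) *blen = ((size_t)(o - 192) << 8) + buf[p++] + 192;
        else return -1;                 /* partial length or truncated */
    } else {                            /* old-format header */
        *tag = (c >> 2) & 0x0f;
        if ((c & 3) == 3) return -1;    /* indeterminate length */
        n = (size_t)1 << (c & 3);
    }
    if (len - p < n) return -1;
    while (n--) *blen = (*blen << 8) | buf[p++];
    *pos = p;
    return 0;
}

/* Count packets that do not belong in a keyring; -1 on broken framing. */
int keyring_count_rejected(const uint8_t *buf, size_t len, int *first_bad)
{
    size_t pos = 0, blen;
    int tag, rejected = 0;
    while (pos < len) {
        if (read_header(buf, len, &pos, &tag, &blen) || blen > len - pos) return -1;
        if (!tag_allowed(tag) && rejected++ == 0 && first_bad) *first_bad = tag;
        pos += blen;  /* skip the body by length; never interpret it */
    }
    return rejected;
}

/* Constructed sample: public key (6), user ID (13), literal data (11), signature (2). */
const uint8_t SAMPLE[] = { 0x98,3,4,0,0,  0xCD,5,'a','l','i','c','e',
                           0xCB,4,'b',0,0,0,  0x88,2,4,0x10 };
```

Partial and indeterminate lengths are refused outright because they only make sense for streamed data packets, which is the same class of packet the fix keeps out of the keyring code path.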