Package: gnupg
Version: 1.4.5-3
Severity: grave
Tags: security
Justification: user security hole

According to an email that was sent to the gnupg-announce mailing list, the version of gnupg in unstable (as well as in stable) is vulnerable to remote attack. By introducing a malformed OpenPGP packet, an attacker can dereference a function pointer in GnuPG which can be used to control the data processed by GnuPG. All versions before 1.4.6 are affected, and the recommended fix is to upgrade to 1.4.6.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gnupg depends on:
ii  gpgv          1.4.5-3      GNU privacy guard - signature veri
ii  libbz2-1.0    1.0.3-6      high-quality block-sorting file co
ii  libc6         2.3.6.ds1-8  GNU C Library: Shared libraries
ii  libldap2      2.1.30-13.2  OpenLDAP libraries
ii  libreadline5  5.2-1        GNU readline and history libraries
ii  libusb-0.1-4  2:0.1.12-2   userspace USB programming library
ii  makedev       2.3.1-83     creates device files in /dev
ii  zlib1g        1:1.2.3-13   compression library - runtime

gnupg recommends no packages.

-- no debconf information