oss-sec mailing list archives
CVE request: GnuPG 2
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 23 Jul 2010 21:02:37 +0200
GnuPG 2.0 before version 2.0.17 reuses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, possibly allowing context-dependent attacks to execute arbitrary code. <http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html>
Current thread:
- CVE request: GnuPG 2 Florian Weimer (Jul 23)
- Re: CVE request: GnuPG 2 Josh Bressers (Jul 26)