gnupg: two issues (CVE-2015-1606, CVE-2015-1607)
Multiple issues found in gnupg.
CVE-2015-1606: Use after free resulting from failure to skip invalid packets
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
http://www.ubuntu.com/usn/usn-2554-1
PATCHES:
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1606.html
CVE-2015-1607: memcpy with overlapping ranges, resulting from incorrect bitwise left shifts
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
http://www.ubuntu.com/usn/usn-2554-1
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1607.html
(from redmine: issue id 4092, created on 2015-04-22, closed on 2015-05-06)
- Relations:
  - child #4093 (closed)
  - child #4094 (closed)
  - child #4095 (closed)
  - child #4096 (closed)
- Changesets:
  - Revision 7991b613 by Natanael Copa on 2015-04-23T11:11:51Z:
    main/gnupg: security upgrade to 2.1.3 (CVE-2015-1606,CVE-2015-1607)
    ref #4092
    fixes #4096