[Gpg4win-devel] 2.0.4 for gpgsm fix
Bernhard Reiter
bernhard at intevation.de
Wed Jul 28 11:58:25 CEST 2010
IMHO we should publish 2.0.4 right away
to fix the gpgsm issue.
Citing:
http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
Realloc Bug with X.509 certificates in GnuPG
==============================================
2010-07-23
Solution
========
Apply the following patch.
an exploit won't be
easy to write because the attack vector must fit into a valid ASN.1
DER encoded DN. To further complicate the task, that DN is not used
directly but after a transformation to RFC-2253 format.
--
Managing Director - Owner: www.intevation.net (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20100728/67491418/attachment.pgp
More information about the Gpg4win-devel
mailing list