|
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085:
"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x
through 2.0.19, when importing a key, allows remote attackers to corrupt the
public keyring database or cause a denial of service (application crash) via a
crafted length field of an OpenPGP packet."
Patch taken from upstream git, which is identical in both branches.
(From OE-Core rev: 44ed6605c1978325782d229d0c01329465c4c5c7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|