Ubuntu
gpgme1.0 package

Debdiff to fix CVE-2007-1263 in feisty and edgy

Bug #90864 reported by Michael Bienia on 2007-03-09

4

Affects		Status	Importance	Assigned to	Milestone
	gpgme1.0 (Ubuntu)	Fix Released	Medium	Kees Cook
	Breezy	Invalid	Low	Unassigned
	Dapper	Fix Released	Medium	Kees Cook
	Edgy	Fix Released	Medium	Kees Cook
	Feisty	Fix Released	Medium	Kees Cook

Bug Description

gpgme1.0 (1.1.2-2ubuntu1) feisty; urgency=low

  * SECURITY UPDATE: detect and bail out on double plaintext messages
  * debian/patches/20_CVE-2007-1263.dpatch: upstream patch.
  * References:
    ftp://ftp.gnupg.org/gcrypt/gpgme/patches/gpgme-1.1.3-multiple-message.patch
    CVE-2007-1263
  * debian/control: Change Maintainer/XSBC-Original-Maintainer field.

-- Michael Bienia <email address hidden> Fri, 9 Mar 2007 16:23:36 +0100

CVE References

2007-1263

Revision history for this message

Michael Bienia (geser) wrote on 2007-03-09:

#1

debdiff for feisty Edit (3.9 KiB, text/plain)

Revision history for this message

Michael Bienia (geser) wrote on 2007-03-09:

#2

debdiff for edgy Edit (3.9 KiB, text/plain)

Revision history for this message

Kees Cook (kees) wrote on 2007-03-09:

#3

Thanks for getting this put together! I'm building them now and they should be published shortly...

Changed in gpgme1.0:
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	Unconfirmed → In Progress
assignee:	nobody → keescook
status:	Unconfirmed → In Progress
importance:	Undecided → Medium
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	Unconfirmed → Confirmed
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	Unconfirmed → Confirmed

Kees Cook (kees) on 2007-03-09

Changed in gpgme1.0:
status:	In Progress → Fix Released

Revision history for this message

Kees Cook (kees) wrote on 2007-03-12:

#4

Breezy's gpgme1.0 doesn't even parse plaintext notifications, and will be EOL'ing in a month.

Changed in gpgme1.0:
importance:	Medium → Wishlist
status:	In Progress → Fix Committed
importance:	Wishlist → Low
assignee:	keescook → nobody
status:	Confirmed → Fix Committed

Kees Cook (kees) on 2007-03-13

Changed in gpgme1.0:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Revision history for this message

Kees Cook (kees) wrote on 2007-03-13:

#5

Fixes released as USN-432-2:

http://www.ubuntu.com/usn/usn-432-2

Revision history for this message

Marco Rodrigues (gothicx) wrote on 2007-04-13:

#6

Breezy support is over.. Today it's Breezy End Of Life!

Changed in gpgme1.0:
status:	Confirmed → Rejected

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.