[gnupg] Updated (1.4.7 -> 1.4.9) : SECURITY - HIGH

CVE-2008-1530 (High) : GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
17 years ago · 990ab54d09
1 changed files with 3 additions and 5 deletions
--- a/security/gnupg/gnupg.desc
+++ b/security/gnupg/gnupg.desc
@ -1,9 +1,8 @@
-
 [COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../gnupg/gnupg.desc
-[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2003 Clifford Wolf
 [COPY]
@ -44,11 +43,10 @@

 [L] GPL
 [S] Stable
-[V] 1.4.7
+[V] 1.4.9
 [P] X -----5---9 118.100

 [SRC] .

-[D] 3922038405 gnupg-1.4.7.tar.gz ftp://ftp.gnupg.org/gcrypt/gnupg/
+[D] 2389819204 gnupg-1.4.9.tar.gz ftp://ftp.gnupg.org/gcrypt/gnupg/
 [D] 3598666848 pgpgpg-0.13.tar.gz http://www.nessie.de/mroth/pgpgpg/
-