From 990ab54d09b364a8b86384b4767b4f6a6fda6b1f Mon Sep 17 00:00:00 2001
From: Aldas Nabazas <aldas@opensde.net>
Date: Sat, 26 Apr 2008 20:11:57 +0200
Subject: [PATCH] [gnupg] Updated (1.4.7 -> 1.4.9) : SECURITY - HIGH

CVE-2008-1530 (High) :
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via crafted duplicate keys that are imported from key servers,
which triggers "memory corruption around deduplication of user IDs."
---
 security/gnupg/gnupg.desc | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/security/gnupg/gnupg.desc b/security/gnupg/gnupg.desc
index bda91fc51..a23ed8011 100644
--- a/security/gnupg/gnupg.desc
+++ b/security/gnupg/gnupg.desc
@@ -1,9 +1,8 @@
-
 [COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../gnupg/gnupg.desc
-[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2003 Clifford Wolf
 [COPY]
@@ -44,11 +43,10 @@
 
 [L] GPL
 [S] Stable
-[V] 1.4.7
+[V] 1.4.9
 [P] X -----5---9 118.100
 
 [SRC] .
 
-[D] 3922038405 gnupg-1.4.7.tar.gz ftp://ftp.gnupg.org/gcrypt/gnupg/
+[D] 2389819204 gnupg-1.4.9.tar.gz ftp://ftp.gnupg.org/gcrypt/gnupg/
 [D] 3598666848 pgpgpg-0.13.tar.gz http://www.nessie.de/mroth/pgpgpg/
-