https://bugzilla.novell.com/show_bug.cgi?id=844175 https://bugzilla.novell.com/show_bug.cgi?id=844175#c0 Summary: GnuPG 2.0.22 and 1.4.15 fix denial of service through infinite recursion in the compressed packet parser CVE-2013-4402 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0

From http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html

What's New in 2.0.22 ==================== * Fixed possible infinite recursion in the compressed packet parser. [CVE-2013-4402] * Improved support for some card readers. * Prepared building with the forthcoming Libgcrypt 1.6. * Protect against rogue keyservers sending secret keys. Also GnuPG 1.4.15 contains the fix. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.